Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
All

*** NOTE: Module descriptions were provided by the vendors, and their contents have not been verified for accuracy by NIST or CSE. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (non-FIPS-approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the appropriate vendor.

Cert#	Vendor	Cryptographic Module	Module Type	Val. Date	Level / Description
613	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2851 Integrated Services Router (Hardware Version: 2851, AIM Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/23/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #219 and #96); Triple-DES (Certs. #311 and #210); SHS (Certs. #300 and #317); HMAC (Certs. #84 and #50); RNG (Cert. #97) -Other algorithms: DES (Certs. #292 and #233); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC MD5; RSA (non-compliant); RC4 Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
612	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2811 and Cisco 2821 Integrated Services Router (Hardware Versions: 1841 and 2801; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/23/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #219 and #181); Triple-DES (Certs. #311 and #283); SHS (Certs. #300 and #267); HMAC (Certs. #29 and #27); RNG (Cert. #31) -Other algorithms: DES (Certs. #292 and #275); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RSA (non-compliant); RC4 Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
611	Litronic, Inc. 17861 Cartwright Irvine, CA 92614 USA -Cameron Durham TEL: 949-851-1085 FAX: 949-851-8588	jForté/HAT Cryptographic Module (Hardware Version: P/N 078-2010-02 Version J002; Firmware Version: 3.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/23/2005	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #306); Triple-DES MAC (Cert. #306, vendor affirmed); SHS (Cert. #294); RSA (Cert. #46); RNG (Cert. #59); Skipjack (Cert. #15) -Other algorithms: DES (Cert. #289); DES MAC (Cert. #289, vendor affirmed) Single-chip "The high assurance jForté/HAT module is a multi-function, secure device, specifically engineered to provide expanded storage and accelerated processing of complex cryptographic functions. jForté/HAT also provides high data throughput via its dual I/O interface, supporting both ISO7816-3 and Full Speed USB. The module is available in several different packaging configurations - smart card module, 24-pin SOIC or bare die. Our patented smart card packaging provides access to both 7816-3 and USB interfaces so the same smart card will work in both standard readers, at 7816 speeds, and in high-speed USB readers and Full Speed USB."
610	Avaya, Inc. Atidim Technology Park Tel Aviv, 61131 Israel -Pesah Spector TEL: 972-3-6459162 FAX: 972-3-6458462	G250 and G250-BRI Branch Office Media Gateways w/FIPS (Hardware Versions: 700356231 and 700356223 Version 1.0; Firmware Version: 24.16.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/23/2005	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #330); AES (Cert. #242); SHS (Cert. #320); HMAC (Cert. #60); RSA (Cert. #60); RNG (Cert. #77) -Other algorithms: DES (Cert. #308); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; H.248 Link Encryption; Avaya Media Encryption; SSHv2 Multi-chip standalone "The Avaya G250 Branch Office Media Gateway w/FIPS and G250-BRI Branch Media Gateway w/FIPS are complete branch office business communications systems that integrate an IP telephony gateway, an advanced IP WAN router, and a PoE LAN switch into a compact (2U) chassis. Ideally suited for enterprise with distributed branch office locations of 2-10 extensions, the G250 and G250-BRI Gateways replace the complexity and cost of managing disparate key and voice systems with a survivable networked solution that is easy to deploy and can be administered from a central location."
609	Snapshield, Ltd. 1 Research Court Suite 450 Rockville, MD 20850 USA -Uri Naor TEL: 301-216-3805 FAX: 301-519-8001 -Rolando Rosas - Snap Defense Systems, LLC TEL: 703-766-6540 FAX: 703-766-6501	SNAPfone (Hardware Versions: P/N Snapfone Versions E and F; Firmware Versions: 7.10.1 v_7101 and 7.10.1 v_7101p2p) Snapfone (Hardware Versions: P/N Snapfone Versions E and F, Firmware Versions: 7.10.1v 7101 and 7.10.1v-l101p2p) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/23/2005; 01/13/2006; 01/27/2006	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #302); SHS (Cert. #289); RNG (Cert. #53) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "SNAPfone is a compact encryption termination unit capable of securing voice communications over analog telephone lines. SNAPfone performs high level encryption process with a new key draw for each session using Asymmetric Public Key Cryptography (1024 bit Diffie-Hellman) for key exchanging and Symmetric block cipher (192-bit 3DES) algorithm for session encryption. SNAPfone requires minimum user intervention with seamless operation." "The Snapfone is a plug-n-play encryption device for securing communications over regular analog (POTS) or fax lines. Snapfone is designed for compatibility among major telephone and PBX brands. It can also be deployed as a shared resource device when connected to a PBX. Its small footprint and 1101220v connectivity allows for easy transport and maximum flexibility. The cryptographic core engines are optimized for minimal voice latency providing superior voice quality. Snapfones can also be configured as a distributed secure voice network solution among groups and between multiple locations."
608	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-C Micro Edition (ME) (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/13/2005; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Linux 7.2; Red Hat Enterprise Linux AS3.0; Solaris 8 (Sun OS 5.8) Sparc V8; Solaris 8 (Sun OS 5.8) Sparc V8+; Solaris 8 (Sun OS 5.8) Sparc V9; Microsoft Windows Mobile 2003; Microsoft Windows XP SP2; IBM AIX 5L 5.3; HP-UX 11.23 Itanium 2; HP-UX 11.23 PA-RISC 2.0W; HP-UX 11.11 PA-RISC 2.0; VxWorks 5.4 PPC 604; VxWorks 5.5 PPC 603; VxWorks 5.5 PPC 604 -FIPS-approved algorithms: DSA (Cert. #143); Triple-DES (Cert. #378); AES (Cert. #303); CCM (Cert. #7); SHS (Cert. #380); RSA (Cert. #96); RNG (Cert. #130); ECDSA (Cert. #11); HMAC (Cert. #113) -Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES; ECDRBG; RSA (key wrapping, key establishment methodology provides at least 80 bits of encryption strength); Diffie-Hellman (key agreement, key establishment methodology provides at least 80 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 285 bits of encryption strength) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
607	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-204 and 208 (Hardware Version: P/N NS-204 and NS-208 Version 0110; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/12/2005; 01/26/2006; 05/16/2006; 06/14/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Cert. 118); DSA (Cert. #132); SHS (Cert. 103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33) -Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Juniper Networks NetScreen-204 and 208 are purpose-built internet security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
606	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-5XT (Hardware Version: P/N NS-5XT Version 1010; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/12/2005; 01/26/2006; 05/16/2006; 06/14/2006; 06/20/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Cert. #118); DSA (Cert. #132); SHS (Cert. #103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33) -Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Juniper Networks NetScreen-5XT is a purpose-built Internet security appliance that delivers firewall, VPN and traffic shaping that offers a complete security solution for telecommuters, small-sized companies and branch offices. Featuring two 10 Base-T Ethernet ports (trust and untrusted), the Juniper Networks NetScreen-5XT performs at near wirespeed, protecting the LAN from attack and providing IPSEC based VPN capabilities."
605	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-5400 (Hardware Version: P/N NS-5400 Version 3010; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/12/2005; 01/26/2006; 05/16/2006; 06/14/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); DSA (Cert. #132); RNG (Cert. #33) -Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Juniper Networks NetScreen-5400 is a purpose-built, high-performance security system designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5400 security system integrates firewall, DoS, DDoS protection, VPN, and traffic management functionality in low-profile modular chassis."
604	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-500 (Hardware Version: P/N NS-500 Version 4110; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/12/2005; 01/26/2006; 05/16/2006; 06/14/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #244); Triple-DES (Cert. #50); DSA (Cert. #134); SHS (Cert. #47); RSA (Cert. #23); HMAC (Cert. #54); RNG (Cert. #32) -Other algorithms: DES (Cert. #115); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80-bits of encryption strength) Multi-chip standalone "The Juniper Networks NetScreen-500 is a purpose-built internet security appliance that provides advanced firewall, IPSec VPN, and traffic management functionality, optimized for the most demanding environments such as medium and large enterprise offices, carrier infrastructures, or service providers."
603	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-5200 (Hardware Version: P/N NS-5200 Version 3010; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/12/2005; 01/26/2006; 05/16/2006; 06/14/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); DSA (Cert. #132); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33) -Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Juniper Networks NetScreen-5200 is a purpose-built, high-performance security system designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5200 security system integrates firewall, DoS and DDoS protection, VPN, and traffic management functionality in low-profile modular chassis."
602	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Simon Gerraty TEL: 408-745-2348 FAX: 408-745-8905	JUNOS-FIPS (Firmware Versions: 7.2R1.7 and 7.4R1.7) Validated to FIPS 140-2 Security Policy Certificate	Firmware	12/12/2005; 05/16/2006	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested: Routing Engine RE 3.0, Routing Engine RE 4.0, Routing Engine 5.0, Routing Engine RE 5.0+ -FIPS-approved algorithms: AES (Certs. #259 and #260); HMAC (Certs. #70, #71, #72, #73 and #79); DSA (Cert. #137); RNG (Cert. #93); RSA (Cert. #69); SHS (Certs. #336, #337, #338, #339 and #340); Triple-DES (Certs. #341, #342, #343 and #344) -Other algorithms: DES (Certs. #316, #317, #318 and #319); MD5; Diffie-Hellmann (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "JUNOS firmware is the first routing operating system designed specifically for the Internet. It runs on all Juniper Networks T-series, M-series, and Jseries routers, and is currently deployed in the largest and fastest growing networks worldwide. Its full suite of industrial strength routing protocols, flexible policy language, and leading MPLS implementation efficiently scale to large numbers of network interfaces and routes. As well, JUNOS firmware supports the industry's first production-ready GMPLS implementation."
601	Avaya, Inc. Atidim Technology Park Bldg. 3 Tel Aviv, 61131 Israel -Pesah Spector TEL: 972-3-6459162 FAX: 972-3-6458462	G350 Branch Office Media Gateway w/FIPS (Hardware Version: P/N 700356249 Version 1.0; Firmware Version: 24.16.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/08/2005	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #273); AES (Certs. #171 and #251); SHS (Cert. #256); HMAC (Cert. #61); RSA (Cert. #17); RNG (Cert. #21) -Other algorithms: DES (Cert. #269); Diffie-Hellman (key agreement; key establishment methodology provides at least 80 bits of encryption strength); MD5; H.248 Link Encryption; Avaya Media Encryption; SSHv2; DSA (non-compliant) Multi-chip standalone "The Avaya G350 Branch Office Media Gateway w/FIPS is a complete branch office business communications system that integrates an IP telephony gateway, an advanced IP WAN router, and a high-performance LAN switch into a compact (3U) modular chassis. Ideally suited for enterprise with distributed branch office locations of 8-40 extensions, the G350 replaces the complexity and cost of managing disparate key and voice systems with a survivable networked solution that is easy to deploy and can be administered from a central location."
600	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-924-3500 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Version: DS1955B PB4 4.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/08/2005	Overall Level: 3  -Physical Security: Level 3 +EFT -FIPS-approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185; vendor affirmed); RNG (Cert. #86) -Other algorithms: RSA (encrypt/decrypt); HMAC (non-compliant) Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
599	Blue Ridge Networks 14120 Parke Long Court Suite 101 Chantilly, VA 20151 USA -Nancy Canty TEL: 703-633-7331 FAX: 703-631-9588	BorderGuard 5000 (Hardware Versions: BorderGuard 5100, 5200, 5400, 5500 and 5600; Firmware Version: DPF1 V7.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/08/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #173 and #116); Triple-DES (Certs. #275 and #57); SHS (Certs. #258 and #49); HMAC (Certs. #21 and #22) -Other algorithms: DES (Certs. #271 and #119); DES MAC (Cert. #119; vendor affirmed); IDEA; HMAC-MD5; MD5; RSA (non-compliant); RSA BSAFE Crypto-C RNG; HiFn 7855 RNG; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength for Models 5100, 5200 and 5400; and between 80 and 150 bits of encryption strength for Models 5500 and 5600; non-compliant less than 80-bits of encryption strength)) Multi-chip standalone "The BorderGuard hardware models 5100, 5200, 5400, 5500 and 5600 version DPF1 7.1 firmware are standalone hardware security appliances (routers) used to secure Internet traffic. The cryptographic module consists of firmware running on a dedicated hardware device. The module is a multi-chip-standalone device."
598	Mobile Armor, LLC 400 South Woods Mill Rd. Chesterfield, MO 63017 USA -Bryan Glancey TEL: 636-449-0239 FAX: 314-205-2303 -Chand Vyas TEL: 636-449-0239 FAX: 314-205-2303	Mobile Armor Warp Drive (Software Version: 2.1.0.0) Validated to FIPS 140-2 Security Policy Certificate	Software	12/01/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 (in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #349); AES (Cert. #267); SHS (Cert. #346); HMAC (Cert. #81) -Other algorithms: N/A Multi-chip standalone "Mobile Armor's highly optimized Microsoft Windows Certified Driver for Windows XP provides reliable high speed strong cryptographic services for systems running Mobile Armor's DataArmor Enterprise Mobile Data Protection software."
597	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151 USA -Christophe Goyet TEL: 310-884-7900 FAX: 310-884-7904	ID-One Cosmo 32 v5 (Hardware Version: P/N 90; Firmware Version: E311-063842) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/01/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #303); Triple-DES MAC (Cert. #303, vendor affirmed); SHS (Cert. #290); RSA (Cert. #42); RNG (Cert. #99) -Other algorithms: DES (Cert. #286); DES MAC (Cert. #286, vendor affirmed); MD5 Single-chip "The ID-One Cosmo 32 v5 is a JavaCard cryptographic module specifically designed for identity and government market needs. It offers a full 32K Byte of EEPROM space available for customer discretionary use, together with on-card cryptographic services such as TDES (using double and triple length DES keys), and 2048-bit RSA with on-card key generation. The cryptographic module loads and runs applets written in Java programming language. It includes a native implementation of the latest Java Card TM (Version 2.2) and Open Platform (Version 2.1.1A) specifications, with full support for Delegated Management and DAP / Mandated DAP, that define a secure infrastructure for post-issuance programmable platforms. Additional features include On-Card fingerprint matching and Logical Channels."
596	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3825 and Cisco 3845 Integrated Services Router (Hardware Versions: 3825 and 3845; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/01/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs.#210 and #311); AES (Certs. #96 and #219); RNG (Cert. #97); SHS (Certs. #300 and #317); HMAC (Certs. #50 and #84) -Other algorithms: DES (Certs. #233 and #292); Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 96 bits of encryption strength); MD5; HMAC-MD5; RC4; RSA (non-compliant) Multi-chip standalone "The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. By integrating security functions directly into the router itself, Cisco can provide unique intelligent security solutions, such as network admissions control (NAC) for antivirus defense; Voice and Video Enabled VPN (V3PN) for quality-of-service (QoS) enforcement when combining voice, video, and VPN; and Dynamic Multipoint VPN (DMVPN) and Easy VPN."
595	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE Crypto-J JCE Provider Module (Software Version: 3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	12/01/2005; 03/06/2006; 10/12/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 with Java JRE 1.4.2 (in single user mode) -FIPS-approved algorithms: DSA (Cert. #140); Triple-DES (Cert. #354); AES (Cert. #271); SHS (Cert. #356); RSA (Cert. #71); RNG (Cert. #106); HMAC (Cert. #86) -Other algorithms: DES (Cert. #326); Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (ANSI X9.31, MD5, SHA1; non-compliant); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping, key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
594	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196 USA -Mike French TEL: 847-435-5219	MCC7500 Secure Card Crypto Engine Cryptographic Module (Hardware Version: P/N CLN8131 Version B; Firmware Version: R02.00.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/01/2005; 06/14/2006	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2); SHS (Cert. #335); RNG (Cert. #121) -Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; ADP; DVI-SPFL; DVP-XL Multi-chip embedded "The MCC7500 Secure Card Crypto Engine Cryptographic Module is a multiprocessor, cryptographic PCI card that provides encryption services for up to 60 audio streams for the Secure Operator Position (B1908) and Secure Archiving Interface Server (B1918). Each Secure Operator Position will contain one Secure Card providing encryption services for 60 simultaneous audio streams. Each Secure AIS will contain 1 or 2 Secure Cards providing encryption services for 60 or 120 audio streams, respectively. The Spare Crypto Card (B1924) may be used to upgrade an Operator Position or AIS."
593	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry® Cryptographic Kernel (Firmware Versions: 3.8.3.3, 3.8.3.5, 3.8.3.6 and 3.8.3.7) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	12/01/2005	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 7290 with BlackBerry OS Version 4.1 -FIPS-approved algorithms: Triple-DES (Cert. #366); AES (Cert. #291); SHS (Cert. #365); HMAC (Cert. #100); RSA (Cert. #82); RNG (Cert. #115); ECDSA (Cert. #9) -Other algorithms: EC Diffie-Hellman (key agreement); ECMQV (key agreement) Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
592	High Density Devices AS Vestre Strandgate 26 Kristiansand, N-4611 Norway -Aage Kalsaeg TEL: +47 38 10 44 80 FAX: +47 38 10 44 99	SecureD v.1.6 (Hardware Version: HW P/N SecureD v.1.6 Version 1.6.4; Firmware Version: 1.6.1) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/01/2005; 01/05/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #324); AES (Cert. #174) -Other algorithms: Multi-chip embedded "SecureD is a hardware based encryption device that offers optimal, fully integrated, protection for stored data in IDE data bus based computer systems. SecureD operates fully transparent at the speed of ATA-6 AT API. SecureD is using AES 128/192/256 bits encryption/decryption, and is 100% operating system independent. No SW is installed. Ideal for encryption of disks in Desktop environment, Laptop, and USB/Firewire connected disks."
591	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 x2921 FAX: 519-888-6906	BlackBerry Enterprise Server™ Cryptographic Kernel (Software Versions: 1.0.2.5, 1.0.2.7, 1.0.2.8, 1.0.2.9 and 1.0.2.10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	12/01/2005; 05/10/2007; 06/08/2007	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Server SP4 -FIPS-approved algorithms: Triple-DES (Cert. #364); AES (Cert. #289); SHS (Cert. #363); HMAC (Cert. #98); RNG (Cert. #114); ECDSA (Cert. #8) -Other algorithms: Rijndael; EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic ryptographic functionality for the BlackBerry® Enterprise Server."
590	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE Crypto-J Software Module (Software Versions: 3.5 [1], 3.5.2 [2] and 3.5.3 [3]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	11/18/2005; 03/06/2006; 05/17/2006; 12/18/2006; 10/12/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 with Java JRE 1.4.2. (in single user mode) -FIPS-approved algorithms: DSA (Cert. #139); Triple-DES (Cert. #353); AES (Cert. #270); SHS (Cert. #355); RSA (Certs. #70 [1] and #185 [2]); RNG (Cert. #105); HMAC (Cert. #85) -Other algorithms: DES (Cert. #325); Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31, MD5, SHA1); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping, key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
589	Mobile Armor, LLC 400 South Woods Mill Rd. Chesterfield, MO 63017 USA -Bryan Glancey TEL: 636-449-0239 FAX: 314-205-2303 -Chand Vyas TEL: 636-449-0239 FAX: 314-205-2303	Mobile Armor Crypto Module (Software Version: 2.1.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/18/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 and Red Hat Enterprise Linux 3.0 (in single user mode); Pocket PC 2003 -FIPS-approved algorithms: Triple-DES (Cert. #351); AES (Cert. #268); SHS (Cert. #348); RNG (Cert. #98); HMAC (Cert. #83) -Other algorithms: Multi-chip standalone "Mobile Armor's Cross platform implementation of Cryptographic Services for use in Enterprise Mobile Data Security products on the Linux, Windows XP, and Windows CE platform."
588	Bluesocket, Inc. 10 North Avenue Burlington, MA 01803 USA -Mike Puglia TEL: 781-328-0888	Bluesocket WG-5000 Wireless Gateway (Hardware Versions: 870-500FF-002, 870-500FT-002, 870-500TF-002 and 870-500TT-002; Firmware Versions: 3.1.1.8.fips.13, 4.1.0.11.fips.6 and 4.1.0.11.fips.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/18/2005; 12/08/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #76 and #254); Triple-DES (Certs. #335 and #250); RSA (Cert. #14); RNG (Cert. #16); SHS (Certs. #228 and #329); HMAC (Certs. #12 and #63) -Other algorithms: DES (Cert. #313); Diffie-Hellman (key agreement); MD5; HMAC MD5 Multi-chip standalone "The Bluesocket WG-5000 Wireless Gateway provides a single scalable solution to the security, quality of service (QoS), and management issues facing institutions, enterprises, and service providers who deploy 802.11 and Bluetooth-based wireless networks."
587	Bluesocket, Inc. 10 North Avenue Burlington, MA 01803 USA -Mike Puglia TEL: 781-328-0888	Bluesocket WG-2100 Wireless Gateway (Hardware Versions: 870-212FF-002, 870-212FT-002, 870-212TF-002 and 870-212TT-002; Firmware Versions: 3.1.1.8.fips.13, 4.1.0.11.fips.6 and 4.1.0.11.fips.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/03/2005; 12/08/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #76 and #253); Triple-DES (Certs. #187 and #250); RSA (Cert. #14); RNG (Cert. #16); SHS (Certs. #228 and #229); HMAC (Certs. #11 and #12) -Other algorithms: DES (Cert. #223); Diffie-Hellman (key agreement, key establishment methodology provides 80-bits of encryption strength); RSA (PKCS#1, key wrapping, key establishment methodology provides 80-bits of encryption strength); MD5; HMAC MD5 Multi-chip standalone "The Bluesocket WG-2100 Wireless Gateway provides a single scalable solution to the security, quality of service (QoS), and management issues facing institutions, enterprises, and service providers who deploy 802.11 and Bluetooth-based wireless networks."
586	E.F. Johnson Co. 123 N. State St. Waseca, MN 56093 USA -John Oblak TEL: 507-837-5116 FAX: 507-837-5120	Subscriber Encryption Module (SEM) (Hardware Versions: 023-5000-980, 023-5000-982, 023-5000-984 and 039-575-1200; Firmware Versions: 4.0, 4.1 and 4.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/03/2005	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #217); SHS (Cert. #238); HMAC (Cert. #80); DSA (Cert. #110); RNG (Cert. #5) -Other algorithms: DES (Cert. #291); SecureNet DES 1 bit CFB with differential encoding and decoding Multi-chip embedded "The E.F. Johnson Co. Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirements. The SEM provides Subscriber Equipment, such as the E.F. Johnson Co. 5100 series radio with secure and encrypted voice communication. The SEM supports AES OTAR, AES, DES, DSA, and SHA-1 FIPS Approved algorithms. These algorithms are used for data or voice communication and protection of SEM firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2 Level 1 security."
585	Bluefire Security Technologies 1040 Hull Street #101 Baltimore, MD 21230 USA -Phil Smith TEL: 410-637-8160 FAX: 410-637-8172	Bluefire Mobile Security™ FIPS Cryptographic Module (Software Version: 1.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/02/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Service Pack 4, PocketPC 2003 (single user mode) -FIPS-approved algorithms: DSA (Cert. #121); Triple-DES (Cert. #288); AES (Cert. #192); SHS (Cert. #272); RSA (Cert. #29); RNG (Cert. #39); HMAC (Cert. #7) -Other algorithms: DES (Cert. #278); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 150 bits of encryption strength) Multi-chip standalone "The Bluefire Mobile Security™ FIPS Cryptographic Module is Bluefire Security Technologies' cryptographic library designed for securing mobile devices such as personal digital assistants (PDA’s) and Smart Phones based on the Microsoft Windows Mobile platform. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
584	Credant Technologies Corporation 15303 Dallas Parkway Suite 1420 Addison, TX 75001 USA -Chris Burchett TEL: 972-458-5407 FAX: 972-458-5454	Credant Cryptographic Kernel[1] and CmgCryptoLib[2] (Software Versions: 1.5[1] and 1.7[2]) Validated to FIPS 140-2 Security Policy Certificate	Software	11/02/2005; 11/04/2005; 12/07/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Version 1.5 tested as meeting Level 1 with Palm OS 5.4.5. Version 1.7 tested as meeting Level 1 with Windows Mobile 5, Windows Mobile 6, Windows XP SP2 (single user mode), Windows Vista 32-bit (single user mode), and Symbian Series 60 -FIPS-approved algorithms: Triple-DES (Cert. #336); AES (Cert. #255); SHS (Cert. #330); HMAC (Cert. #65); RNG (Cert. #88) -Other algorithms: N/A Multi-chip standalone "CREDANT CmgCryptoLib (previosuly known as CREDANT Cryptographic Kernel) is a FIPS 140-2 validated, software based cryptography library that implements Triple-DES, AES, ANSI X9.31 RNG, SHA-1, and HMAC-SHA-1 algorithms for CREDANT Mobile Guardian (CMG). CMG provides centrally managed mobile data protection via strong authentication, Intelligent Encryption and usage controls with guaranteed data recovery for laptops, desktops, removable media, PDAs and smart phones."
583	NeoScale Systems, Inc. 1655 McCarthy Blvd. Milpitas, CA 95035 USA -Rose Quijano-Nguyen TEL: 408-473-1313 -Chris Winter TEL: 408-473-1393	CryptoStor FC2002W SAN Security Appliance (Hardware Version: 820-0001-06 Rev2; Firmware Version: 2.2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/27/2005; 11/07/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #285); AES (Certs. #173 and 183); SHS (Cert. #269); RSA (Cert. #26); HMAC (Cert. #25); RNG (Cert. #35) -Other algorithms: N/A Multi-chip standalone "The NeoScale CryptoStor FC2002 appliance, is a Fibre Channel Storage Area Network (SAN) data security appliance that provides data flow control and encryption based on configured policy rules. Operating as a fully transparent, in-line storage appliance, the FC2002 inspects storage traffic and applies information flow controls and strong encryption to the data payload at gigabit rates. Storage data privacy policies are centrally managed, employing access and encryption rules which are easily modified to suit current and evolving storage infrastructures. Deep frame inspection allows access and encryption policies to be dynamically applied at wirespeed. True gigabit throughput with low latency and transparent operation ensures uninterrupted, scalable storage data protection."
582	Oceana Sensor Technologies, Inc. 1632 Corporate Landing Parkway Virginia Beach, VA 23454 USA -Alex Kalasinski TEL: 757-426-3678 FAX: 757-426-3633 -Don Kennamer TEL: 757-426-3678 FAX: 757-426-3633	Fortress Cryptographic Library (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/27/2005	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.4.2 running on Windows 2000 Service Pack 4 (single-user mode) -FIPS-approved algorithms: AES (Cert. #256); Triple-DES (Cert. #337); RSA (Cert. #65); SHS (Cert. #331); HMAC (Cert. #66); RNG (Cert. #89) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); Rijndael Multi-chip standalone "The Oceana Sensor Technologies Fortress Cryptographic LibraryTM (FCL) is a cryptographically secure interface to applications both internal and external to the OST product. It has many features and supports AES, Triple DES and RSA. It is entirely a software product."
581	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -David Aylesworth TEL: 813-288-7388 FAX: 813-288-7389	AirFortress™ Wireless Security Gateway (Hardware Version: Model AF2100; Firmware Versions: 2.5 and 2.1.0.AFG1178ag) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/27/2005; 04/26/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #14); Triple-DES (Cert. #107); SHS (Cert. #316); HMAC (Cert. #62) -Other algorithms: DES (Cert. #23); Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; RSA (non-compliant) Multi-chip standalone "The AirFortress ™ Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AF Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
580	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Simon Gerraty TEL: 408-745-2348 FAX: 408-745-8905	AS2-FIPS PIC (Hardware Versions: PB-AS2-FIPS, PE-AS2-FIPS, Rev. A and B; Software Versions: 7.2R1.7 and 7.4R1.7; Firmware Version: 560-011740 (Rev. 4.008)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/25/2005 12/02/2005; 01/27/2006; 06/14/2006; 12/19/2006	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: RSA (Cert. #69); Triple-DES (Certs. #341 and #350); SHS (Certs. #336 and #347); HMAC (Cert. #71); RNG (Cert. #93) -Other algorithms: MD5; DES (Cert. #324); RSA (key wrapping, key establishment methodology provides 80-bits of encryption strength) Multi-chip standalone "The Adaptive Services (AS) Physical Interface Card (PIC) is a multi-chip embedded cryptographic module, which supports a new level of services integration and performance. The AS2-FIPS PIC supports compressed real time protocol (CRTP), high-speed Network Address Translation (NAT), stateful firewall, tunnel services, IPSec encryption and J-Flow accounting today while having built-in headroom to support additional services in the future. With high-speed NAT and stateful firewall, providers can protect their networks and simultaneously deploy network-based security and VPN solutions."
579	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Greg Farmer TEL: 434-455-9577	P7130IP Select, P7150IP Scan Portable and M7100IP Mobile Two-Way FM Radio (Hardware Versions: RU101188V1, RU101188V21, RU101188V12, RU101188V22, RU101188V31, KRY1011632/13, KRY1011632/11, RU101219V21, RU101219V51, RU101219V61, RU101219V63, RU101219V41, RU101219V71 and RU101219V73; Firmware Version: H8 version: J2R06B03; DSP version: F7R01A16) (When operated in FIPS mode) Revoked Security Policy Certificate	Hardware	10/25/2005; 08/16/2006; 10/22/2007	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #155) -Other algorithms: DES (Cert. #241); DES MAC (Cert. #241, vendor affirmed); VGE (M/A-Com proprietary digital voice encryption algorithm) Multi-chip standalone "The P7150IP Scan Portable/M7100IP Mobile are M/A COM's premier radios for critical communications. Guided by customer feedback, M/A COM designed the P7150IP and M7100IP to excel in the challenging environments that critical communications users encounter. The radios provide a superior combination of features, functions, and physical attributes. They are light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the radios provide exceptional performance even under adverse conditions."
578	Certicom Corp. 5520 Explorer Drive Fourth Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356	Security Builder FIPS Java Module (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/25/2005; 07/20/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.3.1 and 1.4.2 running on Windows 2003 x86 (Binary compatible to Windows 98/2000/XP); Red Hat Linux Application Server 3.0 x86 (Binary compatible to AS 2.1); Solaris 2.9 32-bit SPARC; Solaris 2.9 64-bit SPARC -FIPS-approved algorithms: Triple-DES (Cert. #318); AES (Cert. #227); SHS (Cert. #307); HMAC (Cert. #37); RNG (Cert. #68); DSA (Cert. #128); ECDSA (Cert. #6); RSA (Cert. #54) -Other algorithms: DES (Cert. #298); ARC2; ARC4; MD2; MD5; HMAC-MD5; Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement); EC MQV (key agreement); RSA (Cert. #52, key wrapping) Multi-chip standalone "The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL."
577	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Greg Farmer TEL: 434-455-9577	P7170IP System Portable Two-Way FM Radios (Hardware Versions: RU101219V22, RU101219V42, RU101219V52, RU101219V62, RU101219V72; Firmware Version: H8 version: J2R06B03; DSP version: F7R01A16) (When operated in FIPS mode) Revoked Security Policy Certificate	Hardware	10/25/2005; 08/16/2006; 10/22/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #155); -Other algorithms: DES (Cert. #241); DES MAC (Cert. #241, vendor affirmed); VGE (M/A-Com proprietary digital voice encryption algorithm) Multi-chip standalone "The P7170IP is M/A COM's premier portable radio for critical communications. Guided by customer feedback, M/A COM designed the P7170IP to excel in the challenging environments that critical communications users encounter. The P7170IP provides a superior combination of features, functions, and physical attributes. It is light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the P7170IP provides exceptional performance even under adverse conditions."
576	PalmSource, Inc. 1188 East Arques Avenue Sunnyvale, CA 94085 USA -Laurent Sanchez TEL: 408-400-3000 FAX: 408-400-1510	Cryptographic Provider Module + FIPS Provider (Software Version: 5.2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/25/2005	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Palm Tungsten™ C running Palm OS version 5.2.1 -FIPS-approved algorithms: AES (Cert. #114); Triple-DES (Cert. #226); HMAC (Cert. #46); RNG (Cert. #63); SHS (Certs. #303 and #202) -Other algorithms: N/A Multi-chip standalone "The PalmSource Cryptographic Provider Module + FIPS Provider version 5.2.2 is a software library that implements cryptographic functions and is contained within a defined cryptographic boundary using the PalmOS version 5.2.1."
575	ActivCard, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-745-6211 FAX: 510-574-0101	ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5 (Hardware Versions: P/N 77, Version E302, E303-063683, E303-063792; Firmware Versions: ACA v2.5.1, PKI/GC/SKI v2.5.1, SMA v2.5.1, ASC v2.5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/25/2005; 05/26/2006	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed) Single-chip "The ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5: Provides enhanced functionality, flexibility, and security based on the ActivCard Applet v2 frameworks; Is backward compatible with earlier versions of ActivCard applets; Offers a more open, stable, and flexible platform on which developers can build and deploy smart card applications; Is compliant with GSC-IS 2.1 virtual machine comman interface; Supports GSC-IS 2.1 data model; Can be configured for Level and Level 3 modes."
574	RedCannon Security 42808 Christy Street Suite #108 Fremont, CA 94538 USA -Kurt Lennartsson TEL: 510-498-4104 FAX: 510-498-4109 -Brian Wood TEL: 410-902-9779	RedCannon Cryptographic Module (Software Version: 1.3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/19/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional with Service Pack 2 (single user mode) -FIPS-approved algorithms: AES (Cert. #249); Triple-DES (Cert. #334); SHS (Cert. #327); HMAC (Cert. #58); RSA (Cert. #64); RNG (Cert. #87) -Other algorithms: DES (Cert. #312); TwoFish; BlowFish; Serpent; CAST; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80-bits and 150-bits of encryption strength); RSA (key generation; non-compliant); RSA (PKCS#1; key transport; key establishment methodology provides 80-bits of encryption strength) Multi-chip standalone "The RedCannon Crypto Module provides cryptographic support for the RedCannon line of products. The crypto module is used to create, manage and delete cryptographic keys as well as to perform cryptographic operations. The crypto module can be used for multiple functions within the RedCannon applications. It provides a structured set of APIs, which can be called to perform these functions. This provides flexibility for the module and the ability to add new applications for the crypto module functions in the future without changing the module itself."
573	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-924-3500 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Version: DS1955B PB2 - 2.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/20/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185, vendor affirmed) -Other algorithms: DES (Cert. #222); RSA (PKCS#1, key wrapping); RSA (OAEP, key wrapping) Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds and the production of postage meter indicia in a variety of Pitney Bowes Metering products. The PSD has been designed to support international postal markets and their evolving requirements for digital indicia."
572	Gemalto Arboretum Plaza II 9442 Capital of Texas Highway North Suite 400 Austin, TX 78759 USA -Jerome Denis TEL: 512-257-3808	SafesITe TOP IM CY2 (aka Cyberflex Access 64K V2) Cryptographic Module (Hardware Versions: P/N A1002057, A1002631 and A1006577; Firmware Version: Hardmask 1V3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/15/2005; 10/31/2005; 05/25/2006; 07/28/2008	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #312); Triple-DES MAC (Cert. #312, vendor affirmed); AES (Cert. #220); SHS (Cert. #301); RSA (Cert. #51); RNG (Cert. #64) -Other algorithms: DES (Cert. #293); DES MAC (Cert. #293, vendor affirmed); Single-chip "The Cyberflex Access 64K V2 smart card can be employed in solutions which provide secure PKI (public key infrastructure) and digital signature technology. Cyberflex Access 64K V2 serves as a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications. Cyberflex Access 64K V2 supports on-card Triple DES, AES and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1. The Cyberflex Access 64K V2 smart card is part of a range of Axalto highly secure, Java-based smart cards for physical and logical access, e-transactions and other applications."
571	AirMagnet, Inc. 1325 Chesapeake Terrace Sunnyvale, CA 94089 USA -Tony Ho TEL: 408-400-1255 FAX: 408-744-1250	SmartEdge Sensor AM-5010-11-AG and AM-5012-11AG (Hardware Versions: AM-5010-11-AG and AM-5012-11AG; Firmware Version: 5.2.0-2928) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/12/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #214); Triple-DES (Cert. #307); SHS (Cert. #295); RSA (Cert. #47); RNG (Cert. #60); HMAC (Cert. #23) -Other algorithms: RC4; MD5; Diffie-Hellman (key agreement); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength); DSA (non-compliant); DES; RC2; IDEA Multi-chip standalone "The SmartEdge Sensor is equipped with patent pending AirWISE Analytical Engine that, in real time, monitors and analyzes the security, performance, and reliability of the wireless network."
570	Thales e-Security Meadow View House, Crendon Industrial Estate, Long Crendon Aylesbury, Buckinghamshire HP18 9EQ United Kingdom -Tim Fox TEL: +44 1844 201800 FAX: +44 1844 202170	Secure Generic Sub-System (SGSS), Version 3.2 (Hardware Versions: 1213B130, Rev 2 and 1213D130, Rev 3a; Software Version: 2.0.2) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/07/2005; 10/13/2005	Overall Level: 3  -FIPS-approved algorithms: DSA/SHS (Cert. #24); RSA (Cert. #53) -Other algorithms: Multi-chip embedded "The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor 2000 family, WebSentry family, HSM 8000 family, P3CM family, PaySentry, 3D Security Module and SafeSign Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and the RSA algorithm."
569	Funk Software, Inc. 222 Third Street Cambridge, MA 02142 USA -Steven Erickson TEL: 978-371-3980 x112 FAX: 978-371-3990	Odyssey Security Component and Odyssey Security Component/Portable (Software Version: 1.2) Validated to FIPS 140-2 Security Policy Certificate	Software	08/31/2005; 01/13/2006; 02/24/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP, Red Hat Linux 9.0 (single user mode) -FIPS-approved algorithms: AES (Certs. #245 and #246); Triple-DES (Certs. #331 and #332); SHS (Certs. #322 and #323); HMAC (Certs. #53 and #55); RSA (Certs. #61 and #62); DSA (Certs. #133 and #135); RNG (Certs. #79 and #84); CCM (Certs. #2 and #3) -Other algorithms: DES (Certs. #309 and #310); Diffie-Hellman (key agreement) Multi-chip standalone "The Odyssey Security Component/Portable is Funk Software, Inc.'s general purpose cryptographic library. Wide-ranging algorithm support is provided, making the library suitable for use in applications such as wireless LAN, IPsec, SSL/TLS, EAP, and so on. Assembly language optimizations allow high-speed operation on specific platforms, while the portable (C) version can be used on a large variety of platforms."
568	Caymas Systems Inc. 1179-A N. McDowell Blvd. Petaluma, CA 94954 USA -Joe Howard TEL: 707-283-5000 FAX: 707-283-5001	Caymas Systems 525 Identity-Driven Access Gateway (Hardware Version: Rev. 100-000002; Firmware Version: R2.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	08/30/2005	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #319, #320, #323, #325 and #326); AES (Certs. #229, #230, #233, #234 and #235); SHS (Certs. #308, #309, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #69, #70, #73 and #74); HMAC (Certs. #41, #42 and #45); DSA (Certs. #129, #130 and #131) -Other algorithms: DES (Certs. #299, #300, #303 and #304); Diffie-Hellman (key agreement); MD5; HMAC-MD5; RC4 Multi-chip standalone "The Caymas 318 and Caymas 525 are the world's first Identity-Driven Access Gateways, combining universal access, Identity-Based access control, integrated application security and federated policy enforcement. Caymas products are hardened, purpose-built appliances, with custom acceleration hardware allowing them to scale to thousands of users and multi-gigabit speeds in a single platform. With no per user or per feature pricing, Caymas gateways deliver radical price/performance for enterprises extending their information assets to internal and external users."
567	Caymas Systems Inc. 1179-A N. McDowell Blvd. Petaluma, CA 94954 USA -Joe Howard TEL: 707-283-5000 FAX: 707-283-5001	Caymas Systems 318 Identity-Driven Access Gateway (Hardware Version: Rev. 100-000001; Firmware Version: R2.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	08/30/2005	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #321, #323, #325 and #326); AES (Certs. #231, #233, #234 and #235); SHS (Certs. #310, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #71, #73 and #74); HMAC (Certs. #43 and #45); DSA (Certs. #129, #130 and #131) -Other algorithms: DES (Certs. #301, #303 and #304); Diffie-Hellman (key agreement); MD5; HMAC-MD5; RC4 Multi-chip standalone "The Caymas 318 and Caymas 525 are the world's first Identity-Driven Access Gateways, combining universal access, Identity-Based access control, integrated application security and federated policy enforcement. Caymas products are hardened, purpose-built appliances, with custom acceleration hardware allowing them to scale to thousands of users and multi-gigabit speeds in a single platform. With no per user or per feature pricing, Caymas gateways deliver radical price/performance for enterprises extending their information assets to internal and external users."
566	WRQ, Inc. 1500 Dexter Avenue North Seattle, WA 98109 USA -Donovan Deakin TEL: 206-217-7500 FAX: 206-217-7515	Reflection Security Component for Java (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/19/2005	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX 400 running Microsoft Windows 2000 Professional SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1; HP Proliant ML 330 running Microsoft Windows 2000 Server SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1 (configured in single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #305); AES (Cert. #213); RSA (Cert. #45); DSA (Cert. #126); SHS (Cert. #293); RNG (Cert. #57); HMAC (Cert. #20) -Other algorithms: DES (Cert. #288); MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "Reflection® for the Web provides terminal emulation from a web browser. With this server-based solution you can connect local or remote users to applications on IBM, HP, UNIX, and OpenVMS hosts. You can also use its comprehensive management, security, and customization features to boost IT efficiency and user productivity."
565	Schweitzer Engineering Laboratories, Inc. 2545 NE Hopkins Court Pullman, WA 99163-5603 USA -David Whitehead TEL: 509-336-2417 FAX: 509-336-2406	SEL-3021 Serial Encrypting Transceiver (Hardware Version: P/N SEL-3021, Version 00004CA8; Firmware Version: SEL-3021-R105-V0-Z002001-D20050701) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/19/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #202); SHS (Cert. #279); HMAC (Cert. #14); RNG (Cert. #46) -Other algorithms: N/A Multi-chip standalone "The SEL-3021 Serial Encrypting Transceiver is a bump-in-the-wire encryption device designed to add strong cryptographic security to new serial communications links and to provide an easy and effective security solution for existing serial communications networks. It is designed for use on both point-to-point byte oriented communications links and multidrop SCADA networks."
564	SkyTel Corp. 500 Clinton Center Drive Bldg. 2, Floor 4 Clinton, MS 39056 USA -Mike Sheffield TEL: 601-460-3627 FAX: 888-944-7396	SkyTel ST900 Secure 2Way (Hardware Version: P/N ST900, Version 2.0; Firmware Versions: 20050624 ver.f.2.9 and 20050705 ver.f.3.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/19/2005; 10/13/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #261); RNG (Cert. #95); HMAC (Cert. #74); SHS (Cert. #341) -Other algorithms: Elliptic Curve Diffie-Hellman (key agreement) Multi-chip standalone "SkyTel ST900 Secure 2Way is a wireless product for agencies transmitting sensitive and critical communications. The device, an ST900 2Way pager, operates on narrowband PCS, recommended for reliability and superior inbuilding penetration. It is password-protected, with AES encryption and encryption key establishment based on ANSI X9.63."
563	Snapshield, Ltd. 1 Research Court Suite 450 Rockville, MD 20850 USA -Uri Naor TEL: 301-216-3805 FAX: 301-519-8001 -Rolando Rosas - Snap Defense Systems, LLC TEL: 703-766-6540 FAX: 703-766-6501	SNAPcell (Hardware Version: P/N Snapcell, Version 1.5; Firmware Versions: 5133 050322.2 SnapP2P.2 and 5133 050322.2 SnapP2MP.2) Snapcell (Hardware Version: P/N Snapcell-F, Version 1.5; Firmware Versions: SnapP2P.2 and SnapP2MP.2) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/19/2005 12/02/2005; 12/22/2005; 01/13/2006	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #212); SHS (Cert. #289); RNG (Cert. #53) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "SNAPcell is a plug-in cellular accessory for Sony Ericsson handsets which enable secure end-to-end GSM communications. SNAPcell draws a new key for each session. SNAPcell requires minimum user intervention with seamless operation and due to the efficient implementation of the encryption algorithms it has minimum impact on the handset battery life. SNAPcell can be used across all four GSM frequency bands and the handset or the subscriber cannot be identifiable within the network. SNAPcell can be easily transferred from one device to another." "Snapcell is a high assurance, lightweight, micro-adapter that secures cellular communications, end-to-end on any GSM frequency (850/900/1800/1900). Snapcell is compatible with standard Sony-Ericsson (GSM) mobile phones. Snapcell is approved for exporting outside the USA. Snapcell is also available with an optional centralized enterprise manager gateway (CEMG) that provides a secure single-point of administration for networking up to several thousands of users over public and private networks. Snapcell is currently deployed by the U.S. Special Forces, U.S. Navy, Coalition partners and financial institutions in over 30 countries."
562	Wei Dai 13440 SE 24th Street Bellevue, WA 98005 USA -Wei Dai TEL: 425-562-9677	Crypto++ Library (Software Version: 5.2.3) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	07/29/2005; 08/24/2005; 10/28/2005	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional, Service Pack 1 (single user mode) -FIPS-approved algorithms: Skipjack (Cert. #14); Triple-DES (Cert. #309); AES (Cert. #216); SHS (Certs. #134 and #298); DSA (Cert. #79); RSA (Cert. #50); ECDSA (Cert. #5); HMAC (Cert. #26); RNG (Cert. #61); Triple-DES MAC (Cert. #309, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The Crypto++ Library is a free, open source C++ class library providing public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms. The dynamic link library (DLL) is FIPS 140-2 Level 1 validated. The source code of the validated module is available upon request."
561	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Bill Bialick TEL: 410-964-6400 FAX: 410-964-5154	LYNKS Privacy Card (Hardware Version 2.0; Firmware Version: 1.c) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	07/29/2005	Overall Level: 2  -FIPS-approved algorithms: Skipjack (Cert. #1); DSA/SHA-1 (Cert. #1) -Other algorithms: DES (Cert. #50); RSA (non-compliant); Triple-DES; Diffie-Hellman (key agreement)); MD5; KEA Multi-chip standalone "The SPYRUS family of LYNKS Privacy Card tokens provides high performance, high assurance cryptographic processing in a personal, portable PC card form factor. The LYNKS Privacy Card product enables security- critical capabilities such as user authentication, message privacy and integrity, authentication, and secure storage in rugged, tamper-evident hardware."
560	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Klorida Miraj TEL: 425-421-5229 -Katharine Holdsworth TEL: 425-706-7923	Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH) (Software Versions: 5.01.01603 [1], 5.00.911762 [1], 5.04.17228 [2] and 5.05.19202 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/29/2005 08/24/2005; 06/21/2006; 06/28/2006; 06/29/2006; 12/08/2006; 05/14/2007; 02/21/2008; 04/04/2008	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows CE 5.01, Windows CE 5.00, Windows Mobile 6.0 and Windows Mobile 6.1 -FIPS-approved algorithms: AES (Certs. #224 [1] and #507 [2]); Triple-DES (Certs. #315 [1] and #517 [2]); RSA (Certs. #52 [1] and #222 [2]); RNG (Certs. #66 [1] and #286 [2]); SHS (Certs. #305 [1] and #578 [2]); HMAC (Certs. #31 [1] and #260 [2]) -Other algorithms: DES (Cert. #296 [1]); MD5; HMACMD5; RC2; RC4; DES [2] Multi-chip standalone "Microsoft Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH) is a general-purpose, software-based, cryptographic module for Windows CE and Windows Mobile. It can be dynamically linked into applications by software developers to permit the use of generalpurpose cryptography."
559	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Jonathan Lewis TEL: 978-288-8590 FAX: 978-288-4004 -David Passamonte TEL: 978-288-8973 FAX: 978-288-4004	Contivity® VPN Client (Software Version: 5.11_021) (When operated in FIPS mode with Microsoft® Enhanced Cryptographic Provider validated to FIPS 140-1 under Cert. #238 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	07/25/2005; 08/24/2005; 08/29/2005	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional Service Pack 2 (in single-user mode) -FIPS-approved algorithms: AES (Cert. #218); Triple-DES (Cert. #310); SHS (Cert. #299); HMAC (Cert. #28); RNG (Cert. #62) -Other algorithms: Diffie-Hellman (key agreement); DES; 40-bit DES; MD5; ECDH (key agreement); HMAC-MD5 Multi-chip standalone "The Contivity VPN Client provides stable, secure network access via Nortel VPN routers and VPN gateways. The client can be preconfigured and customized by IT administrators for quick install and connect, or easily configured by end users via the connection wizard. The VPN client works over all IP infrastructures including all wireless, broadband, and satellite services. The VPN client also supports seamless roaming, enabling a user to roam wirelessly without losing the virtual connection."
558	ActivCard, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-745-6211 FAX: 510-574-0101	ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5 (Hardware Versions: P/N 77, Version E302, E303-063683, E303-063792; Firmware Versions: ACA v2.5.1, PKI/GC/SKI v2.5.1, SMA v2.5.1, ASC v2.5.1) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/25/2005; 05/26/2006	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed); Single-chip "The ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5: Provides enhanced functionality, flexibility, and security based on the ActivCard Applet v2 frameworks; Is backward compatible with earlier versions of ActivCard applets; Offers a more open, stable, and flexible platform on which developers can build and deploy smart card applications; Is compliant with GSC-IS 2.1 virtual machine command interface; Supports GSC-IS 2.1 data model."
557	Telkonet Communications, Inc. 20374 Seneca Meadows Pkwy Germantown, MD 20876-7004 USA -Jill Parlett TEL: 410-627-3994 FAX: 240-912-1839	Telkonet G3 Series iBridge and Telkonet G3 Series eXtender (Hardware Versions: iBridge: IB8000, IB8001, IB8011, IB8200, IB8201, IB8211; eXtender: X7000, X7001, X7011, X7200, X7201, X7211; Firmware Versions: 2.12, 2.41 and 2.53) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/25/2005; 04/04/2006; 08/29/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #223) -Other algorithms: RSA (PKCS#1, key wrapping, key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "The Telkonet system uses power line communications (PLC) technology to deliver broadband internet to a building's existing electrical wiring. The system consists of four components: The Telkonet Gateway, Telkonet iBridge, Telkonet eXtender and Telkonet Coupler."
556	JP Mobile, Inc. 12000 Ford Road Suite 400 Dallas, TX 75234 USA -Kishore Kankipati TEL: 972-277-8340 FAX: 972-484-4154	SureWave Mobile Defense Security Kernel (Software Version: 5.0.050107) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/07/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft PocketPC 2003 Premium -FIPS-approved algorithms: AES (Cert. #221); SHS (Cert. #302); Triple-DES (Cert. #313); Triple-DES MAC (Cert. #313, vendor affirmed); RNG (Cert. #65) -Other algorithms: DES (Cert. #294); Blowfish; MD5 Multi-chip standalone "The SureWave Mobile Defense Security Kernel controls the cryptographic functions of various versions of the SureWave Mobile Defense 4.0 software for Palm, Pocket PC, and Symbian OS enabled devices. Although the same kernel is used in all versions of PDA Defense 4.0, it has only been tested and validated for use on the Pocket PC 2003 Premium."
555	Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 USA -Javier Lorenzo TEL: 858-625-5020 -Hui Chen TEL: 510-936-4839	Sun Cryptographic Accelerator 4000 (Hardware Versions: 501-6040-02 and 501-6040-03 (Fiber), 501-6039-05 and 501-6039-06 (UTP/Copper); Firmware Versions: 2.0 and 2.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/07/2005; 07/28/2005; 09/16/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #190); AES (Cert. #79); SHS (Certs. #171 and #172); HMAC (Certs. #34 and #88); DSA (Cert. #92); RNG (Cert. #108); RSA (Cert. #95) -Other algorithms: DES (Cert. #225); MD5; HMAC-MD5; RC2 Multi-chip embedded "The Sun Cryptographic Accelerator 4000 (SCA 4000) is a highperformance secure networking solution for Sun servers. It is a PCI card consisting of a Gigabit Ethernet adapter with on-board cryptographic acceleration hardware and a secure cryptographic key store. The card enhances server network performance by off-loading compute intensive cryptographic calculations (asymmetric and symmetric) from the server's CPU, accelerating both IPsec and SSL processing. The SCA 4000 also provides a secure remote administration capability. It is tightly integrated with Sun's server hardware and software."
554	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-924-3500 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Versions: DS1955B PB3 - 3.02 and DS1955B PB5 - 5.00) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/29/2005; 10/18/2005; 03/29/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); ECDSA (vendor affirmed); Triple-DES MAC (Cert. #185, vendor affirmed); RNG (Cert. #86) -Other algorithms: DES (Cert. #222); HMAC (non-compliant) Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the Canada Post Corporations Digital Indicia Standard. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digitial metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
553	Telkonet Communications, Inc. 20374 Seneca Meadows Pkwy Germantown, MD 20876-7004 USA -Jill Parlett TEL: 410-627-3994 FAX: 240-912-1839	Telkonet G3 Series Gateway (Hardware Versions: G3001 and G3201; Firmware Versions: GAF4.1.0, GAF4.2.0 and GAF4.2.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/27/2005; 07/07/2005; 03/29/2006; 08/29/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #223) -Other algorithms: RSA (PKCS#1, key wrapping, key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "The Telkonet system uses power line communications (PLC) technology to deliver broadband internet to a building's existing electrical wiring. The system consists of four components: The Telkonet Gateway, Telkonet iBridge, Telkonet eXtender and Telkonet Coupler."
552	Gemplus Corp. Avenue du Pic de Bretagne BP 100 Gemenos Cedex, 13881 France -Anthony Vella TEL: +33 (0) 4 42 36 61 38	GemXpresso Pro R3 E64 PK - FIPS with DAL C3 Applet Suite (Hardware Version: GP92; Firmware Versions: GXP3 - FIPS EI19 and GXP3 - FIPS EI19 with new ATR and fast ATR, Applets: Access Control Applet Version 1.0 and GSC Service Applet Version 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/20/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #95); SHS (Cert. #82); RSA (Cert. #33); Triple-DES MAC (Cert. #95, vendor affirmed); RNG (Cert. #44) -Other algorithms: DES (Cert. #155); DES MAC (Cert. #155, vendor affirmed); Single-chip "This module is based on a Gemplus Open OS Smart Card with a large 64K EEPROM memory, and on a cryptographic applet suite developed by Dreifus Associates LTD. Inc. The SmartCard platform has on board Triple DES and RSA algorithms and provides on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container and PKI . The module conforms to Java Card 2.1.1, Global Platform 2.0.1', and GSC-IS v2.1 standards-Card Edge Interface for VM cards, and is very well suited for US Government and Federal projects."
551	Neopost Technologies 113, rue Jean-Marin Naudin Bagneux, 92220 France -Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36	N94i/155 SMM (Hardware Version: 3000186T A; Firmware Versions: 3800157W Version L4 (SH1), 3800159Y Version F (SH2)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/16/2005; 10/03/2006	Overall Level: 3  -FIPS-approved algorithms: DSA (Cert. #120); SHS (Cert. #41); RNG (Cert. #38); ECDSA (vendor affirmed) -Other algorithms: Multi-chip embedded "The N94i/155 module is a postage meter supporting accounting and cryptographic functions for secure electronic transactions. Associated to a document transport system and an inkjet printhead, the module is capable of producing up to 110 envelopes per minute."
550	Priva Technologies, Inc. 1054 S. De Anza Blvd. Suite 201 San Jose, CA 95129 USA -William Sibert TEL: 312-560-5317 FAX: 208-330-3470	Priva Technologies Cleared IC (Hardware Version: P/N PC1002SC-2 Version 3.0; Firmware Version: 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/09/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #299) -Other algorithms: Single-chip "This tamper protected custom integrated circuit provides secure cryptographic and multi-factor authentication services, including encryption/decryption, secure transactions, data verification, key storage, and further key management and non-repudiation functions as part of the Priva Technologies Cleared Security Platform."
549	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151 USA -Chrisophe Goyet TEL: 703-263-0100 FAX: 703-263-7134	ID-One Cosmo 64 v5 (Hardware Version: P/N 77; Firmware Version: E303-063792) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/09/2005; 09/23/2005; 08/16/2006; 04/30/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed); Single-chip "The ID-One Cosmo 64 v5 is a JavaCard cryptographic module with dual interface (ISO 7816 & ISO 14443) specifically designed for identity and government market needs. It offers a full 64K Byte of EEPROm space available for customer discretionary use, together with on card cryptographic services such as TDES, AES, Elliptic Curve and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.2 and Open Platform v2.1.1A. To protect against skimming, a built-in firewall allows application developers to disable contactless access for sensitive operations. Additional feature include On-Card fingerprint matching and Logical Channels. The ID-One Cosmo 64 v5 is available in contact only, dual interface, or contactless only formats."
548	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-7134	ID-One Cosmo 64 v5 (Hardware Version: P/N 77; Firmware Versions: E303-063683 and E303-063684) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/09/2005; 09/23/2005; 05/16/2006; 08/16/2006; 04/30/2007; 10/15/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed) Single-chip "The ID-One Cosmo 64 v5 is a JavaCard cryptographic module with dual interface (ISO 7816 & ISO 14443) specifically designed for identity and government market needs. It offers a full 64K Byte of EEPROM space available for customer discretionary use, together with on card cryptographic services such as TDES, AES, Elliptic Curve and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.2 and Open Platform v2.1.1A. To protect against skimming, a built-in firewall allows application developers to disable contactless access for sensitive operations. Additional features include On- Card fingerprint matching and Logical Channels. The ID-One Cosmo 64 v5 is available in contact only, dual interface, or contactless only formats."
547	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Dennis Crowe TEL: 203-924-3500 FAX: 203-924-3352	Compliant Meter Postal Security Device (CoMet PSD) (Hardware Versions: US: 1A00ABA Revision A and 1A0TAAA Revision A; German: 1A51AAA Revision B; Canada: 1AECABA Revision A and 1ACTAAA.) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/02/2005; 02/24/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #98); Triple-DES MAC (Cert. #98, vendor affirmed); DSA (Cert. #58); SHS (Cert. #86); HMAC-SHA-1 (Cert. #86, vendor affirmed); Skipjack (Cert. #6); ECDSA (ANSI X9.62, vendor affirmed); RNG (vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement); RSA (PKCS#1, key wrapping) Multi-chip standalone "The Pitney Bowes Compliant Meter Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), Canada Post Corporations Digital Indicia Standard, and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
546	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen 204 and 208 (Hardware Version: P/N NS-204 and NS-208, Version 0110; Firmware Version ScreenOS 5.0 r9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/02/2005; 06/10/2005 12/02/2005; 01/26/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Cert. #118); DSA (Cert. #132); SHS (Cert. #103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33) -Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Juniper Networks NetScreen-204 and 208 are purpose-built internet security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
545