|
OpenSSL FIPS Program History |
|
|
FIPS Validated OpenSSL: Program History
A detailed FAQ (Frequently Asked Questions) document regarding OSSI's FIPS 140-2 validation effort for OpenSSL at
FIPS Validated OpenSSL FAQ .
What is OpenSSL? -- (wikipedia) - OpenSSL is an open source general purpose cryptographic library that includes implementation of the SSL and TLS protocols. The core library (written in the C programming language) implements the basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available. Versions are available for a vast array operating systems (including Linux, Mac OS X and various open source BSD operating systems), as well as for Microsoft Windows.
Layman's terms: -- OpenSSL (Open Secure Socket Layer) is an open source cryptographic library that is used to ensure secure connections for information shared across the Internet.
Click: "read more" below for complete article
------------------------------------------------------------------------------------------------------
|
|
Read more...
|
|
|
NIST Computer Security Resource Center |
|
|
The FIPS 140-1 and FIPS 140-2 validation lists contain those cryptographic modules that have been tested and validated under the Cryptographic Module Validation Program as meeting requirements for FIPS PUB 140-1 and FIPS PUB 140-2. A validation certificate has been issued for each of the modules listed. A single validation certificate may list multiple modules. A single validation entry may list multiple versions of the validated module. The validation entry is the official validation information. The provided image of the original validation certificate is for reference only. Updates may have occurred since the printing of the original certificate and will only appear on the validation entry. This list is typically updated either the day of or day after a certificate is issued.
====================================================================================================================================
Click here for updated NIST FIPS 140-2 Pre-Validation "In-Process" List (PDF)
updated weekly by NIST
The Cryptographic Module Validation Program (CMVP) FIPS 140-1 and FIPS 140-2 Modules In Process List is provided for information purposes only. Participation on the list is voluntary and is a joint decision by the vendor and Cryptographic Module Testing (CMT) laboratory. Modules are listed alphabetically by name. Blank entries indicate modules in process but joint decision made not to post. Posting on the list does not imply guarantee of final FIPS 140-1 or FIPS 140-2 validation.The following phases describe the FIPS 140-1 and FIPS 140-2 modules in process. The status of each cryptographic module in the process is identified in the list.
=================================================================================================================================
|
|
|
CMVP Testing Labs |
|
|
CMVP Accredited Testing Laboratories
Currently, there are thirteen (13) laboratories accredited by the National Institute of Standards and Technology, National Voluntary Laboratory Accreditation Program (NVLAP) which perform test for FIPS 140-1 and FIPS 140-2, Security Requirements for Cryptographic Modules, and for testing of FIPS-approved algorithms.
While each lab must provide the highest level of technical expertise to secure CMVP accreditation, the Open Source Software Institute has worked with two of these labs and highly recommends their services based upon their technical expertise and persistence.
These labs include:
|
DOMUS IT SECURITY LABORATORY
NUVO NETWORK MANAGEMENT INC
2650 QUEENSVIEW DR, SUITE 100
OTTAWA ON K2B 8H6
CANADA
Tel: (613) 726-5019
Fax: (613) 721-1399
Email: Jason Lawlor, Director of Sales
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
|
|
Aspect Labs, a division of BKP Security, Inc.
3080 Olcott Street, Suite 110-A
Santa Clara, CA 95054-3221
Phone: 1-888-347-7140
Fax: 1-408-492-1419
E-mail:
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
|
======================================================================================================================================
|
|
|
"Rolling Validation" Program (03/01/07) |
|
|
OpenCyrpto Management Program
"Rolling Validation" project overview
As part of the OpenCrypto Management Program, OSSI will perform a continuing series of "Rolling Validations" for the OpenSSL Object Module. This overview provide insight into the strategic and tactical aspects of this unique project.
-----------------------------------------------------------------------------
|
|
Read more...
|
|
|
OpenSSL FIPS Validation Program 
National Center for Open Source Policy and Research
