Re: Can applications built with 'FIPS Capable OpenSSL' be called as 'FIPS 140-2' certified?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



No, strictly speaking, you cannot. Just because you use a FIPS 140-2
certified cryptographic module doesn't mean that your application is
FIPS 140-2 certified. It means that your application includes (or
uses) a FIPS 140-2 certified cryptographic module. Or, as it is
sometimes called, "FIPS Inside".

Any organization that cares will ask for the CMVP certificate number
and look it up. The certificate will identify the validated
configuration.

On Wed, 3 Jul 2019 at 13:05, Dipak B <deepak.redmi2@xxxxxxxxx> wrote:
>
> Dear Experts,
>
> Can you please help with the following questions?
> All inputs are appreciated.
>
> a) Can we call an Win32 application built with FIPS Capable OpenSSL as FIPS 140-2 Certified in strict sense?
> where FIPS Capable OpenSSL is OpenSSL built using the FOM (fipscanister.lib)
>
> I am seeking clarity although read through both Users Guide and Security Policy.
>
> Thank you,
> Deepak



-- 
Eric Jacksch, CPP, CISM, CISSP
eric@xxxxxxxxxxx
Twitter: @EricJacksch
https://SecurityShelf.com



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux