OpenSSL Secures New FIPS 140-2 Validation

by Vitaly Popovich [Published on 9 Feb. 2007 / Last Updated on 9 Feb. 2007]


Contact:
John Weathersby, Open Source Software Institute
jmw@oss-institute.org

OpenSSL Secures New FIPS 140-2 Validation

Open Source Cryptographic Module Once Again

Available for Government Adoption and Usage

Hattiesburg, MS Wednesday, February 7, 2007 The Open Source Software Institute (OSSI) announced today the FIPS 140-2 validation of the
OpenSSL FIPS Object Module, a cryptographic library based on the widely used OpenSSL product. The official validation certificate (#733) is now
posted at the NIST FIPS 140-1 and 140-2 Cryptographic Modules Validation List (http://csrc.nist.gov/cryptval/140-1/1401val2007.htm).

The OpenSSL FIPS Object Module is freely available and can be downloaded immediately athttp://www.openssl.org/source/openssl-fips-1.1.1.tar.gz.
The OpenSSL FIPS Object Module Security Policy and User Guide are also available for download through the OSSI website (www.oss-institute.org)
and may be used and reproduced without restriction.

--------------------------

Why this is important to government, IT and open source readers:

1) Information Assurance (IA) programs/modules, such as OpenSSL, must achieve government validation (FIPS & Common Criteria) before they can
be acquired or used within Dept of Defense systems. (govt policy which regulates this is the National Security Telecommunications and
Information Systems Security Policy (NSTISSP) Number 11)

2) FIPS validation demonstrates validity, durability and security of the open source OpenSSL crypto module...as secure as any comparable
"commercial version" validated module. Strict scrutiny of the transparent, open source code caused some delays, but outcome resulted
in the most thoroughly viewed and tested module available.

3) Validation demonstrated the efficient nature of the open source development model. Updates and modification were made in hours, not days
or months.

4) Cost benefit to all government, industry and private developers and im

Contact:
John Weathersby, Open Source Software Institute
jmw@oss-institute.org

               OpenSSL Secures New FIPS 140-2 Validation

              Open Source Cryptographic Module Once Again 

              Available for Government Adoption and Usage

Hattiesburg, MS Wednesday, February 7, 2007 The Open Source Software Institute (OSSI) announced today the FIPS 140-2 validation of the
OpenSSL FIPS Object Module, a cryptographic library based on the widely used OpenSSL product. The official validation certificate (#733) is now
posted at the NIST FIPS 140-1 and 140-2 Cryptographic Modules Validation List (http://csrc.nist.gov/cryptval/140-1/1401val2007.htm).

The OpenSSL FIPS Object Module is freely available and can be downloaded immediately athttp://www.openssl.org/source/openssl-fips-1.1.1.tar.gz.
The OpenSSL FIPS Object Module Security Policy and User Guide are also available for download through the OSSI website (www.oss-institute.org)
and may be used and reproduced without restriction. 

--------------------------

Why this is important to government, IT and open source readers:

1) Information Assurance (IA) programs/modules, such as OpenSSL, must achieve government validation (FIPS & Common Criteria) before they can
be acquired or used within Dept of Defense systems.  (govt policy which regulates this is the National Security Telecommunications and
Information Systems Security Policy (NSTISSP) Number 11)

2) FIPS validation demonstrates validity, durability and security of the open source OpenSSL crypto module...as secure as any comparable
"commercial version" validated module.  Strict scrutiny of the transparent, open source code caused some delays, but outcome resulted
in the most thoroughly viewed and tested module available.

3) Validation demonstrated the efficient nature of the open source development model. Updates and modification were made in hours, not days
or months.

4) Cost benefit to all government, industry and private developers and implementers who wish to adopt the open source OpenSSL Object module.
It is freely available, as it has already been paid for by DoD and industry sponsors.

5) All documentation (Security Guide and User Policy) is being made freely available for download or reuse without restriction.  Also, the
test vectors will be released so that others who wish to undertake a similar validation effort will have documentation and reference
materials.  This too, is viewed as part of the original package and paid for by DoD and other sponsoring entities.

For additional information, please contact:
John Weathersby, OSSI tel: 601.427.0152

John M. Weathersby, Jr.
Executive Director
Open Source Software Institute
National Center for Open Source
Policy and Research
tel: 601.427.0152

Ad maiorem dei gloriam (AMDG)
Audentes fortuna juvat
(fortune favors the bold)

Add Review or Comment

See Also

Featured Links