OpenSSL Regains FIPS 140-2 Validation.

Open Source Cryptographic Module Once Again Available for Government Adoption and Usage

HATTIESBURG, Miss. -- The Open Source Software Institute (OSSI) announced today the FIPS (Federal Information Processing Standards) A series of publications issed by the U.S. National Institute of Standards and Technology (NIST) that specifies information security guidelines for federal government departments and agencies. 140-2 re-validation of the OpenSSL FIPS Object Module, a cryptographic library based on the widely used OpenSSL product. The official validation certificate (#733) is now posted at the NIST (National Institute of Standards & Technology, Washington, DC, www.nist.gov) The standards-defining agency of the U.S. government, formerly the National Bureau of Standards. It is one of three agencies that fall under the Technology Administration (www.technology. FIPS 140-1 and 140-2 Cryptographic Modules Validation List http://csrc.nist.gov/cryptval/140-1/1401val2007.htm.

The OpenSSL FIPS Object Module is freely available for download at http://www.openssl.org/source/openssl-fips-1.1.1.tar.gz . The OpenSSL FIPS Object Module Security Policy and User Guide are also available for download through the OSSI website www.oss-institute.org and may be used and reproduced without restriction.

"The OpenSSL FIPS Object Module is CMVP-validated software, paid for by DoD and corporate sponsors, and is now available at no additional cost for government and other entities to acquire and implement," said OSSI executive director John Weathersby. "By once again securing FIPS 140 validation for the OpenSSL Object Module, we've helped to demonstrate the validity and durability of the open source development model, even within the most stringent confines of the government Information Assurance (IA) validation process."

OpenSSL is an open source library that provides cryptographic functionality to applications such as secure web servers. The Cryptographic Module Validation Program The Cryptographic Module Validation Program (CMVP) is a joint American and Canadian security accreditation program for cryptographic modules. The program is available to any vendors who seek to have their products certified for use by the U.S. (CMVP CMVP Cryptographic Module Validation Program (NIST/CSE)
CMVP Certified Measurement and Verification Professional ), a joint effort between the U.S. National Institute of Standards and Technology National Institute of Standards and Technology, governmental agency within the U.S. Dept. of Commerce with the mission of "working with industry to develop and apply technology, measurements, and standards" in the national interest. (NIST) and the Canadian Communications Security Establishment Noun 1. Communications Security Establishment - Canadian agency that gathers communications intelligence and assist law enforcement and security agencies
CSE

international intelligence agency - an intelligence agency outside the United States (CSE (Certified Systems Engineer) See Microsoft certification. ), validates cryptographic modules to Federal Information Processing Standards (standard) Federal Information Processing Standards - (FIPS) United States Government technical standards published by the National Institute of Standards and Technology (NIST). (FIPS) 140-2 and other cryptography-based standards.

"This validation is a first," noted Steve Marquess, the OSSI technical project manager for this effort. "Government programs, and the commercial vendors supplying those programs, now have access to a validated cryptographic library supporting the very popular OpenSSL API without the delays and expense of separate FIPS 140-2 validations for each and every application."

The FIPS validated OpenSSL Cryptographic Module v1.1.1 is defined as a specific discrete unit of binary object code generated from a specific OpenSSL source distribution. This source distribution is compiled to create a library that is used to provide a cryptographic API (Application Programming Interface) to external applications, and is compatible with a wide variety of hardware and operating system platforms.

Additional information available at www.oss-institute.org.

COPYRIGHT 2007 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Publication:	Business Wire
Date:	Feb 6, 2007
Words:	380
Previous Article:	FSV Payment Systems Officially Opens Jacksonville Customer Service Center.
Next Article:	Boston Dentist Makes In-Home Calls to Housebound Patients.
Topics:	Open source software Public software

Related Articles
NIST'S CRYPTOGRAPHIC MODULE VALIDATION PROGRAM VALIDATES 100TH CRYPTOGRAPHIC MODULE.(Brief Article)
NIST'S CRYPTOGRAPHIC MODULE VALIDATION PROGRAM ADDS FIFTH TESTING LABORATORY.(National Institute of Standards and Technology)(Brief Article)
NIST'S CRYPTOGRAPHIC MODULE VALIDATION PROGRAM ADDS FIRST PDA DEVICE.(National Instititue of Standards and Technology)(Brief Article)
NIST'S CRYPTOGRAPHIC MODULE VALIDATION PROGRAM ADDS WEB ACCESS FOR SECURITY POLICIES.(National Institute of Standards and Technology)(Brief Article)
New security standard for federal agencies effective in November. (News Briefs).(Brief Article)
NIST's Cryptographic Module Validation Program achieves major milestones. (News Briefs).(Brief Article)
Logica awarded first approved crypto IT security testing lab outside North America.
NIST validates 100th Advanced Encryption Standard implementation.(General Developments)
Blue Ridge's secure platform assures compliance with HSPD-12 data access mandates.(Blue Ridge Networks, Homeland Security Presidential Directive)
The Open Source Community OpenSSL Project Adopts the Next Generation International Standard Cipher 'Camellia', Developed in Japan.