December 10, 2003

NIST/FIPS 140-2 Validation effort for OpenSSL

jmw writes

MS December 10, 2003 The Open Source Software Institute (
has posted an informational updated (FAQ) regarding the
collaborative effort to secure National Institute of Science and
Technology's (NIST) FIPS 140-2 level 1 cryptographic validation for

FAQ can be found on the the OSSI website

FAQ consists of 26 questions and answers that provide insight and
detail into the process of securing the Federal Information
Processing Standards (FIPS) 140-2 for OpenSSL (

are very satisfied with the progress made to date and wanted to
provide a public update on the effort, said OSSI executive
director John Weathersby. This validation will be unique in that
it will be the first applicable at the source code level, allowing
use by many applications on a wide variety of platforms to satisfy
FIPS 140-2 requirements. The availability of this open-source FIPS
140-2 validated cryptography will lower the cost and increase the
availability of cryptographic applications for the U.S. Government. He
noted that, our team has submitted the code to the testing lab
and now they're preparing the vendor evidence package. We'll have it
turned over to NIST at the beginning of the new year for them to
start their validation process.

members in the certification effort include: the Defense Medical
Logistics Standard Support Program (a DoD medical logistics
programs), HP, DOMUS IT Security Laboratory, PreVal Specialists, Inc
and representatives from the OpenSSL Project.

questions regarding the FIPS 140-2 validation effort for OpenSSL are
welcomed at

# # #



  • Open Source
Click Here!