-
CST Newsletter June 2020
We invite you to take a look at our current newsletter that contains information on algorithm transitions, updates to the FIPS IG and a breakdown of the changes in TEs from FIPS 140-2 to FIPS 140-3.
-
Congratulations to Qualcomm
One of the rewards of working in the evaluation and testing business is to see our customers succeed and show the results of their efforts. We are always happy to work with organizations who are committed to IT security and want to improve their products and processes for…
-
Zen, or the Art of FIPS Certificate Maintenance
by Andreas Fabis When we talk to our customers about FIPS 140-2 testing some questions regarding certificate maintenance frequently come up: There are many factors that can lead to module or platform changes: technical, business and marketing, to name a few. Navigating the rules and options of FIPS…
-
How can OpenSSL survive FIPS 140-2 validation in 2020?
by Stephan MuellerThe OpenSSL project outlined the development strategy pertaining to the Federal Information Processing Standard (FIPS) 140-2 code in the November 7th, 2019 OpenSSL blog titled “Update on 3.0 Development, FIPS and 1.0.2 EOL.”[1] As a summary, the following relevant aspects for FIPS 140-2 are communicated. · The…
-
SP800-90A and SP800-90B compliant Linux Random Number Generator
Stephan Mueller With the enforcement of SP800-90B starting in November 2020, the noise sources behind the Linux /dev/random, /dev/urandom and the getrandom system call interfaces must comply with all requirements stipulated by SP800-90B. If this compliance is not achieved, all modules using Linux random number generator as entropy…
-
CST Newsletter and FIPS 140-3 Change Summary
We invite you to take a look at our CST Newsletter. This newsletter is intended to inform our customers about recent changes within the Implementation Guidance and NIST’s Cryptographic Module Validation Program (CMVP). We also included a high-level summary of changes to the testing and documentation that FIPS…
-
International Cryptographic Module Conference 2019 in Vancouver, Canada
After a day of pre-conference workshops, the 7th International Cryptographic Module Conference (ICMC) was kicked off this morning with a welcome address from atsec’s VP and Lab Director Yi Mao. (from left to right: Renaudt Nunez, Stephan Mueller, Fiona Pattinson, Swapneela Unkule, Yi Mao) Yi Mao’s Opening Speech…
-
Cryptographic module related work in ISO/IEC JTC 1/SC 27/WG 3
For several years the value of conformance testing against the FIPS 140-2 specification has been well accepted, and the assurance gained through validated conformance has been specified in several other markets.
-
How the U.S. government shutdown affects us
As many of our customers will be aware, the current U.S. government shutdown can affect their projects with atsec. This time, the partial shutdown includes the U.S. Department of Commerce, and hence NIST’s Computer Security Resource Center. This affects our customers with FIPS 140-2 conformance validations (CMVP), and…
