Re: [Fed-Talk] [FIPS 140-2] Mac OS X - Implementation Under Test (IUT)
Re: [Fed-Talk] [FIPS 140-2] Mac OS X - Implementation Under Test (IUT)
- Subject: Re: [Fed-Talk] [FIPS 140-2] Mac OS X - Implementation Under Test (IUT)
- From: email@hidden
- Date: Mon, 10 Sep 2007 13:50:08 -0400
I did not miss this. We are in #1, lima charlie. That web site does not speak to anything or any process that may have occurred previous to the pre-validation listing. Presume that they just cracked the seal on the task then.
v/r Wm.
On Sep 10, 2007, at 12:59 PM, Shawn A. Geddis wrote: Thanks, excellent news! (but)
Honestly, without knowing what has been done thus far, it is difficult to interpret what your memo means. IAn interpretation could be either:
1) Apple just entered/started the FIPS 140-2 certification process
2) Apple's algorithms and design of the code have been vetted and pre-validated. Now it must be verified that the code execution matches the documentation.
Obviously #2 gives us some potential leverage to say "home stretch" and get things rolling again.
Very Respectfully, Wm. Cerniuk Project Manager / Sr. Systems Architect Veterans Affairs 877.529.5730 (toll free)
Reading original message carefully :-), you will notice that there was a block of information specifically addressing this very item:
The FIPS 140-2 Conformance Validation Process For those who are not familiar with the process and requirements, they can be found on the NIST website at:
1. Implementation Under Test (IUT) 2. Validation Review Pending 3. Validation Review 4. Validation Coordination 5. Validation Finalization
Pulling that content directly from the NIST webpage at the URL above, reads...
... The following phases describe the FIPS 140-1 and FIPS 140-2 pre-validation process. The status of each cryptographic module in the process is identified in the list. - Implementation Under Test (IUT)
- There exists a viable contract between the vendor and CMT laboratory for the testing of the cryptographic module.
- The cryptographic module is resident at the CMT laboratory.
- All of the required documentation is resident at the CMT laboratory. (Note: if the vendor requires the CMT lab personnel to test the cryptographic module onsite, all documents must be onsite with the module.)
- Validation Review Pending
- Complete set of testing documents submitted to NIST and CSE for review. The set includes: draft certificate, summary module description, detailed test report, non-proprietary security policy, web-site information. In addition, some CMT labs include a separate physical testing report.
- Signed letter from laboratory stating recommendation for validation received by NIST and CSE.
- Validation Review
- NIST and CSE reviewers assigned.
- NIST and CSE perform a preliminary review of the test documents (if required). NIST and CSE perform a review of the test documents.
- Comments coordinated by NIST and CSE reviewers and combined set of comments sent to the CMT laboratory.
- Validation Coordination (this process may be iterative)
- Comments received by the CMT laboratory from NIST and CSE for resolution.
- Additional testing (if required).
- Additional documentation (if required).
- Comments resolution developed for resubmission to NIST and CSE.
- Testing documents updated for resubmission to NIST and CSE.
- Responses to comments and revised test documents submitted to NIST and CSE.
- Validation Finalization
- Final resolution of validation review comments submitted to NIST and CSE.
- Testing documents updated based on resolutions and submitted to NIST and CSE.
- Certificate number assigned.
- Certificate printing and signature process initiated.
- Shawn
______________________________________________________________ Shawn Geddis Enterprise Security Consulting Engineer Apple Enterprise
|
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden