CMV/CAVP Process Clarification (Previously [Fed-Talk] NIST Cert for iPhone and iPad Crypto)
CMV/CAVP Process Clarification (Previously [Fed-Talk] NIST Cert for iPhone and iPad Crypto)
- Subject: CMV/CAVP Process Clarification (Previously [Fed-Talk] NIST Cert for iPhone and iPad Crypto)
- From: Shawn Geddis <email@hidden>
- Date: Sun, 09 Oct 2011 23:32:56 -0400
On Oct 7, 2011, at 9:04 PM, Link, Peter R. wrote: Not so fast. These algorithms were validated on 6/7/2011. This doesn't mean they have FIPS approval, http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf http://csrc.nist.gov/groups/STM/cmvp/inprocess.html. Shawn might expand on this but from what I remember him telling me, the algorithms are the first step. The next step is incorporating all of them into the iOS package and getting approval for everything.
If you review the link I sent, you'll see that iPad and iPhone FIPS cryptographic module has been rejoined by Apple FIPS cryptographic module. Hopefully this means the new module for Lion has been submitted for approval.
On Oct 7, 2011, at 5:53 PM, William Cerniuk wrote:
The FIPS 140-2 Conformance Validation process has several phases to it. It might be valuable to provide links and a brief explanation for everyone here.
Modules In Process - CMVP- [1]
Validation Process Phases (w/ brief description) 1) Implementation Under Test (IUT) Module & Documentation ready for CST Laboratory Testing 2) Review Pending Complete Validation submitted to NIST / CSEC for Review 3) In Review CMVP Reviewers have been assigned 4) Coordination Iterative Review / Update to documentation / testing 5) Finalization Final resolutions and Certificate issuance
Validation of the Algorithms - CAVP - [2] The Cryptographic Algorithm Validation Program (CAVP) encompasses validation testing for FIPS approved and NIST recommended cryptographic algorithms and components of algorithms. Cryptographic algorithm validation is a prerequisite to the Cryptographic Module Validation Program (CMVP).
Validation of the Algorithms is a pre-requisite for submission of a module to CMVP and hence is performed as part of the "Implementation Under Test (IUT)" phase.
If you review the link I sent, you'll see that iPad and iPhone FIPS cryptographic module has been rejoined by Apple FIPS cryptographic module. Hopefully this means the new module for Lion has been submitted for approval.
The addition of "Apple FIPS Cryptographic Module" to the Modules in Process list [3] is a reflection of the "re-validation" of the CDSA/CSP module shipped in Mac OS X 10.6 and validated on March 9, 2011. OS X Lion (v10.7) does not use the CDSA/CSP module, but Apple is performing this re-validation to provide continued validation for all third-party applications using this module.
- Shawn ________________________________________ Shawn Geddis Security Consulting Engineer Apple Enterprise Division
|
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden