Re: [Fed-Talk] FileVault 2 FIPS Certification
- Subject: Re: [Fed-Talk] FileVault 2 FIPS Certification
- From: "Trouton, Rich R" <email@hidden>
- Date: Fri, 23 Sep 2011 16:40:25 +0000
- Thread-topic: [Fed-Talk] FileVault 2 FIPS Certification
Dallas,
When I talked with Shawn Geddis at WWDC this summer, here are the notes I took from our conversation:
-----
FIPS 140-2 information <--- For .Gov folks and other interested parties
Talked to Shawn Geddis after the crypto session. All FIPS 140-2 validation was based on a now-deprecated crypto standard, so FIPS 140-2 validation from SL does not apply to new crypto used in Lion.
Any module that's still using the (now deprecated) CDSA modules is still FIPS 140-2 validated. CDSA's not gone, so those modules still work. However, Apple's not building on CDSA anymore.
Apple is focusing on FIPS validation for iOS 5 first, as they can then apply a lot of that validation work towards Lion's crypto (lots of convergence between iOS 5 and Lion crypto).
-----
I would anticipate it being a while before 10.7's new Common Crypto foundation (which FileVault 2 uses) is validated. If you want to use it, I recommend talking to your security folks about a waiver for FileVault 2.
Thanks,
Rich
On Sep 23, 2011, at 12:26 PM, Moore, Dallas T. wrote:
> Looking at the NIST FIPS "In Progress List", I don't see the new
> FileVault 2 crypto module listed... does anyone know if Apple is
> planning on submitting the FileVault 2 module for FIPS certification?
> It would be a lot more cost effective (and less of a pain) if the
> government were able to use FileVault 2 instead of using PGP.
>
> ________________________________
> v/r
> Dallas Moore
> Telecommunications Specialist
> U.S. Department of Justice
> Drug Enforcement Administration
> Office of Investigative Technology (ST)
> Infrastructure Support Unit (STAI)
> 703.495.6573 - Office
> 571.499.7371 - Mobile
> 703.495.6680 - Fax
> http://dea-st
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
---
Rich Trouton
email@hidden
JFRC Help Desk
phone: x4030
email: email@hidden
The best way to get in touch with me is through email.