• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: [Fed-Talk] NIST Validation List "-FIPS-approved algorithms" Section Question
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] NIST Validation List "-FIPS-approved algorithms" Section Question

  • Subject: Re: [Fed-Talk] NIST Validation List "-FIPS-approved algorithms" Section Question
  • From: "Miller, Timothy J." <email@hidden>
  • Date: Tue, 07 Feb 2012 14:18:29 +0000
  • Thread-topic: [Fed-Talk] NIST Validation List "-FIPS-approved algorithms" Section Question
That's correct, as far as I understand it.  Further, the security module
must be configured and operated exactly as indicated in the linked
Security Policy for each validated module in order to satisfy FIPS 140
compliance requirements for a system.

-- T

On 2/6/12 3:49 PM, "Mr. William G. Cerniuk" <email@hidden> wrote:

>Am aware that some folks here may know this answerŠ
>Does each certificate in the Validated 140-1 and 140-2 Cryptographic
>Modules
><http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1514>
> listing provide a comprehensive list of the approved security functions
>(algorithm implementations) under the cell named "Level/Description" for
>each certificate issued? Empirically would appear to be the case.
>
>For example, when I examine Apple's certification:
>	http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#1514
>
>Which lists in the "Level/Description" under "-FIPS-approved algorithms:":
>
>* AES (Cert. #1400)
>* DSA (Cert. #453)
>* ECDSA (Cert. #176)
>* HMAC (Cert. #823)
>* RNG (Cert. #767)
>* RSA (Cert. #681)
>* SHS (Cert. #1271)
>* TDES (Cert. #955)
>
>
>
>Those correspond exactly to the listed validated algorithm
>implementations the supporting documented linked to that certificate:
>Apple FIPS
><http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1514.pdf>
>.
>
>This supports the supposition the that if an algorithm is not listed
>under the "-FIPS-approved algorithms:" section of the certificate
>listing, such algorithm implementation is not certified.  Anyone aware of
>anything to the contrary?
>
>( Note: for the first time viewer, the certificate list includes a
>section named "-Other algorithms" within many of the "Level/Description"
>cells which is not clear that it means "-Unapproved algorithms" but it
>doesŠ ;-) )
>
>--
>Best Regards,
>Wm. Cerniuk
>
>Time is Short, and the Water Rises
>
>
> _______________________________________________
>Do not post admin requests to the list. They will be ignored.
>Fed-talk mailing list      (email@hidden)
>Help/Unsubscribe/Update your Subscription:
>
>This email sent to email@hidden


 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >[Fed-Talk] NIST Validation List "-FIPS-approved algorithms" Section Question (From: "Mr. William G. Cerniuk" <email@hidden>)

  • Prev by Date: [Fed-Talk] NIST Validation List "-FIPS-approved algorithms" Section Question
  • Next by Date: [Fed-Talk] possible to set up remote home folder in AD environment?
  • Previous by thread: [Fed-Talk] NIST Validation List "-FIPS-approved algorithms" Section Question
  • Next by thread: [Fed-Talk] possible to set up remote home folder in AD environment?
  • Index(es):
    • Date
    • Thread