Re: [Fed-Talk] Apple IOS FIPS
Re: [Fed-Talk] Apple IOS FIPS
- Subject: Re: [Fed-Talk] Apple IOS FIPS
- From: Jeffrey Walton <email@hidden>
- Date: Fri, 04 Jan 2013 13:19:07 -0500
On Fri, Jan 4, 2013 at 12:59 PM, Kachman, Donald R. Jr (DJ) - (ESE)
<email@hidden> wrote:
>
> ...
> I would assume that any device that can load that IOS version would
> be covered, or are there specific hardware versions that have a necessary
> chip set?
It's not cut and dry. Sometimes, getting the CMVP to take a position
is like trying to nail jello to wall. I completely understand why, and
I am not throwing stones.
The module's FIPS Security Policy specifies specific versions of
firmware, software, and hardware within scope. The FIPS Security
Policy might also call out combinations of firmware, software, and
hardware. It may or may not call out a processor (IIRC). That's called
an Operational Environment (OE).
Everything is submitted for testing. The CAVP performs algorithm
testing, and the CMVP performs module testing. Note: a module must
include at least one OE and one algorithm. Then wait......
The CMVP cares about Major-Minor numbers for operating systems, but
does not care about Revision-Build numbers. So iOS 5.0 and 5.1 are
different but may both be within scope and validated from the Security
Policy. iOS 5.1 and 5.1.1 are the same as far as the CMVP is
concerned.
Jeff
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden