Wan-Teh,
Wan-Teh Chang wrote:
> On Tue, Jan 27, 2009 at 9:56 PM, <alex.agra...@gmail.com> wrote:
> > Hi,
> >
> > I wonder if someone could clear to me the status of NSS FIPS-140
> > certification on SPARC Solaris 10. According to
> > https://wiki.mozilla.org/FIPS_Validation
> > the latest certified NSS "crypto module" version is 3.11.4 (AFAIK this
> > "crypto module" is part of NSS libraries 3.11.4 and 3.11.5) and the
> > list of platforms includes:
> > # Solaris 10 64-bit SPARC v9
> > # Solaris 10 32-bit SPARC v8+
> >
> > However the issued NIST certificate mentions only one SPARC platform:
> > # Sun Blade 2500 Workstation with UltraSPARC IIIi CPU, Sun Trusted
> > Solaris Version 8 4/01, Extended ECC.
> > and one Solaris 10 x86 platform:
> > # Sun W2100z workstation with dual AMD Opteron CPUs, 64-bit Solaris 10,
> > Extended ECC.
> >
> > As far as I understand, vendor and/or user may recompile
> > FIPS-certified software on a "compatible" platform (assuming that no
> > changes to the source code are required) and retain FIPS-140
> > certification. Can we use this clause to claim NSS certification on
> > Solaris 10 SPARC platforms? Is this claim based on the certificate for
> > Solaris 10 x86 or Solaris 8 SPARC platforms?
>
> Yes, you can use this clause to claim NSS certification on
> Solaris 10 SPARC platforms, based on the certificate for
> *Trusted* Solaris 8 SPARC.
>
> In addition, if Solaris 10 has been Common Criteria evaluated
> at EAL2 or higher (you may need to install some extensions),
> you can claim certification at Level 2.
>
> > Also what is the status of the latest FIPS-140 certification of NSS
> > 3.12? The Wiki says that it was planned for Fall 2008 and I wonder how
> > does it go (I see that the module is in IUT state on the NIST site).
> > What platforms will it be certified on?
>
> It's still in an early stage. We're getting ready to start
> the algorithm testing. I don't know what platforms it
> will be certified on.
>
> Wan-Teh

FYI, the Sun-provided binary versions of NSS are all compiled on Solaris
8 (except for x64, on Solaris 10). The same FIPS certified binaries are
run on all newer versions of Solaris. Therefore, NSS should be at least
at FIPS 140-2 level 1 for all Solaris versions.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto