Log in

No account? Create an account
Security, Crypto, and Random Topics
NIST issues FIPS 140-2 Level 2 certificate for NSS 
27th-Aug-2007 11:27 am
As I mentioned in my last post, NIST issued FIPS 140-2 Level 1certificates for NSS. I'm pleased to announce that NIST has just issued the Level 2 certificate. You can see the notification here.

We feel that a Level 2 validation better represents the way our customers deploy NSS-based applications. For example, Level 2 testing allows us to run on a multi-user OS, in multi-user mode, whereas Level 1 requires that tests be conducted with a single user on the machine (which isn't how our customers deploy NSS-based apps). Level 2 testing is also performed on an operating system that "is evaluated at the CC [Common Criteria] evaluation assurance level EAL2 (or higher)".

Level 2 certificates for software are rare. And to the best of my knowledge, NSS is still the only open source crypto library to obtain a Level 2 certificate (the highest available for software modules).

This Level 2 certificate is a big win for the NSS team. Thanks to eveyone who helped!
This page was loaded Jun 17th 2019, 6:12 am GMT.