As I mentioned in my last post
, NIST issued FIPS 140-2 Level 1certificates for NSS. I'm pleased to announce that NIST has just issued the Level 2 certificate. You can see the notification here
We feel that a Level 2 validation better represents the way our customers deploy NSS-based applications. For example, Level 2 testing allows us to run on a multi-user OS, in multi-user mode, whereas Level 1 requires that tests be conducted with a single user on the machine (which isn't how our customers deploy NSS-based apps). Level 2 testing is also performed on an operating system that "is evaluated at the CC [Common Criteria] evaluation assurance level EAL2 (or higher)".
Level 2 certificates for software are rare. And to the best of my knowledge, NSS is still the only open source crypto library to obtain a Level 2 certificate (the highest available for software modules).
This Level 2 certificate is a big win for the NSS team. Thanks to eveyone who helped!