The thread to which I'm referring can be found here: http://mailman.mit.edu/pipermail/kerberos/2006-November/010870.html
Since your name and e-mail is at the top, and you signed the post, I felt the assumption that "You" posted this was most likely correct.

I appreciate your response, and in doing some further research did find a couple of independent labs that can verify compliance to the FIPS 140-2 standard, but have not found any that mention FIPS 197. The two labs I found were:

http://www.corsec.com/index.php?option=com_frontpage&Itemid=1
and
http://www.rycombe.com/

Unfortunately, I feel no closer to determining how, exactly, I would prepare the product we are being asked to produce for compliance.

Guess it's on with the reading glasses and a snifter of fine single malt scotch for a trip through http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf tonight...

Cheers,
Tim

-----Original Message-----
From: Marcus Watts [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 03, 2008 1:37 PM
To: Tim Jandt
Cc: [email protected]
Subject: Re: FIPS compliance

You wrote:
> Date: Wed, 03 Dec 2008 12:32:16 CST
> To: "[email protected]" <[email protected]>
> From: Tim Jandt <[EMAIL PROTECTED]>
> Subject: FIPS compliance
>
> Hello,
>
> I found a post in which you mentioned:
>
> "FIPS compliance is something you get by going through a very particular
> governmental certification process, which normally does not deal with generic
> standards, but instead deals with specific and particular implementations.
> Standards are described, but the compliance aspect is to show that a
> particular implementation meets that standard."
>
> Would you by chance have links to any government agencies or test labs web
> sites that describe the FIPS certification process in more detail?
>
> Thanks,
> Tim

"You" here is a very vague word. There are about 4 messages in the thread you appear to reference, from different folks.

Just on the off-chance you mean me, here are some links:

http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
http://en.wikipedia.org/wiki/FIPS_140-2
https://wiki.mozilla.org/FIPS_Validation

The 1st is the standard proper. At 69 pages, it's not exactly light reading, but it could be a *lot* worse. Beware, this may not describe actual practice, particularly for software. The 3rd describes the actual experience of one open source project. The 2nd & 3rd have pointers to additional resources. You can find lots more with google.

-Marcus Watts
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
