Savage Robert Contr AFCA/ITCR wrote:
Are there any plans within MF or the NSS development team to seek FIPS
140-2 certification for current NSS modules to allow and promote federal
government use of Mozilla? This is basically a paperwork documentation
exercise which can be done in-house (the OpenSSL project is pursuing
FIPS 140-2 Level 1 certification on their own), or outsourced to a
NIST-approved participant in the National Voluntary Laboratory
Accreditation Program (NVLAP). One of the NVLAP vendors in the U.S.
with links on NIST’s web site quotes about $20K to do the job (see
http://www.bkpsecurity.com/pricing.html).
Yes, there are plans to seek FIPS 140-2 certification
for current NSS cryoto modules.
This is more than just a paperwork documentation
exercise. We have obtained three 140-1 validations
for NSS in the past. The engineers needed to spend
considerable time understanding the requirements,
generating the documentation, running the test
cases, etc. So the actual cost was much more than
the fee paid to the testing lab.
If any organization is interested in helping out,
please contact me and I can set up discussions with
the right people in MF.
Wan-Teh
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
