Open Source Software Institute announces
release of updated OpenSSL FIPS Object Module
Current FIPS Object Module based on OpenSSL Version 0.9.8
Nov 19th, 21:32 UTC
Washington, DC - Monday 19, November, 2008 - The Open Source Software Institute (OSSI) announced today the award of a new FIPS 140-2 validation for the OpenSSL FIPS Object Module 1.2. The official Federal Information Processing Standard (FIPS) validation certificate (#1051) is now posted at the NIST FIPS 140-2 Cryptographic Module Validation List (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm ).
This most recent validated OpenSSL FIPS Object Module is based on version 0.9.8 of the OpenSSL cryptographic library and is freely available for download at http://www.openssl.org/source/openssl-fips-1.2.tar.gz . Updated versions of OpenSSL FIPS Object Module Security Policy and User Guide will be available for download through the OSSI website (www.oss-institute.org) and may be used and reproduced without restriction.
The OpenSSL library (http://www.openssl.org) is an open source software cryptographic toolkit for implementing Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols that can be used on a wide variety of hardware and operating system platforms. The FIPS validated Object Module provides an API for invocation of FIPS approved cryptographic functions from calling applications. The FIPS validation is required as part of the National Security Telecommunications and Information Systems Security Policy (NSTISSP) number 11, a national policy governing the acquisition of information assurance (IA) and IA-enabled information technology products. The use of validated cryptographic modules is required by the United States Government for all unclassified uses of cryptography. The Government of Canada also recommends the use of FIPS 140 validated cryptographic modules in unclassified applications of its departments.
"This fourth release of a validated module is part of the on-going "Rolling Validation" program hosted by the Open Source Software Institute," said John Weathersby, OSSI executive director. "OSSI works closely with members of the OpenSSL development team, industry sponsors and key government advisors to keep a current FIPS validated version of OpenSSL available for government and industry use."
Each validation process requires on-going technical enhancements, documentation and testing by a government-certified lab and takes more than a year and costs many thousands of dollars.
"OSSI relies on industry and government sponsorship to provide the funding for the on-going validation process," Weathersby continued. "This collective sponsorship is what enables OSSI to keep the OpenSSL FIPS Object Module freely available with no licensing fees for our partners and the industry as a whole."
To meet the growing demand for customization and support of the FIPS validated module for specific products, OSSI has organized a special team to provide high-level technical consulting, customization and support services. For additional information regarding custom consulting efforts or to support for the OpenSSL FIPS validation project, contact OSSI at openssl@oss-institute.org."
About the Open Source Software Institute
The Open Source Software Institute (OSSI) is a U.S.-based non-profit organization whose mission is to promote the development and implementation of open source software solutions within U.S. Government agencies and academic entities. For additional information please visit the OSSI website at: www.oss-institute.org.
About the OpenSSL.org Project
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and open source toolkit implementing the Secure Socket Layer and Transport Layer Security protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan and develop the OpenSSL toolkit and its related documentation. For additional information please visit the OpenSSL.org Project website at: www.openssl.org.
# # #
(Submitted by John Weathersby of Open Source Software Institute)
|
