Bug 233480 - FIPS 200: Use FIPS 140-2 validated crypto
Summary: FIPS 200: Use FIPS 140-2 validated crypto
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: distribution   
(Show other bugs)
Version: 4.0
Hardware: All Linux
medium
medium
Target Milestone: ---
: ---
Assignee: RHEL Product and Program Management
QA Contact: Daniel Riek
URL:
Whiteboard:
Keywords: FutureFeature
Depends On: 233477
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-03-22 18:17 UTC by Chris Runge
Modified: 2012-06-20 16:13 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-20 16:13:00 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Chris Runge 2007-03-22 18:17:46 UTC
+++ This bug was initially created as a clone of Bug #233477 +++

Requirement for FIPS 200

NIST 800-53
SC-13
Use of validated cryptography

"When cryptography is employed within the information system, the system
performs all cryptographic operations (including key generation) using FIPS
140-2 validated cryptographic modules operating in approved modes of operation".

See http://csrc.nist.gov/publications/nistpubs/800-53/SP800-53.pdf for more
information.

NSS is going through FIPS 140-2 validation; we need to ensure the version of NSS
in the distribution matches the validated version.

More difficult is going to be tracking down the other crypto and coming up with
a plan to consolidate and/or validate it. OpenSSL has been through the process
but there are problems with the currently validated version that prohibit us
from shipping it.

I can arrange a conversation with OSSI who has sponsored the FIPS 140-2
evaluation for OpenSSL to discuss synergies.

Comment 1 Jiri Pallich 2012-06-20 16:13:00 UTC
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. 
Please See https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.


Note You need to log in before you can comment on or make changes to this bug.