News

Stay up to date on the latest News from Corsec.  For further information contact: Jake Nelson | jnelson@corsec.com | (703) 267-6050 x122

OpenSSL and FIPS 140-2 Compliance

OpenSSL and FIPS 140-2 Compliance

Product vendors often rely on OpenSSL to gain FIPS 140-2 compliance.  With the new CMVP requirements and regulations, vendors using certain versions of the OpenSSL cryptographic library to meet FIPS 140-2 requirements will be in jeopardy of being non-compliant.

This not only is affecting product vendors that have relied on this strategy for FIPS 140-2, but also for other certifications such as Common Criteria and listing on the UC APL.

These affected modules will soon be un-procurable and removed from the FIPS validated list, impacting product vendors who are seemingly unaware.

 

For help determining if and how your product will be affected by this change, contact us and ensure you avoid timely and costly delays, or worse, de-listing from the CMVP website.

 

Call Corsec +1 703 267 6050