locked
FIPS 140-2 level one compliance and validation RRS feed

  • Question

  • FIPS 140-2 level one compliance and validation

    We are requiring that the application developed to be FIPS 140-2 compliant and validated.

    The third party DLL library has a wrapper around the Windows Crypto API
    The dependancies on the library uses Crypt32.dll and advapi32.dll
     
    We are intending to use the AES 256 Symmetric Bit encryption, SHA2 Hash algorithms and RSA 2048 Asymmetric encryption with "
    'Microsoft Enhanced RSA and AES Cryptographic Provider'

    From online enquiries we have seen that Bcrypt.dll itself is a validated cryptographic module for Windows.

    Microsoft Cryptographic Module certificates we have identified:

    https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/2956
    https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/2937
    https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/2606
    https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/1989

    We need to check how the DLL's are compliant? and also confirm that the certificates above confirm FIPS 140-2 validation
    are correct for Crypt32.dll and advapi32.dll?

    Thanks

    Albert Mitchell
    Saturday, March 17, 2018 12:04 PM