219
edits
Changes
m
=== Platforms for 2009 ===
=== Schedule ===
{| border="1" cellpadding="2" summary="schedule table"
|-
! Milestone !! Item !! Deps !! Time !! Who !! Completed
|-
| M1 || Initial Setup || || || ||
|-
| 1a || Choose validation Lab, approve costs, and sign NDA || all || || all || [http://www.atlanlabs.com/ Atlan]
|-
| 1d || Define Algorithms, Key Sizes and modes || || || ||
|-
| M2 || Complete NSS 3.12 FIPS dependant bugs || || || ||
|-
| M3 || Update documentation (numbers in parentheses refer to sections in FIPS documentation) || || || ||
|-
| 3a. || (1.0) Security policy, new algorithms || 1d || 2 wks || all ||
|-
| 3b. || Generate annotated source tree (LXR -> HTML) || M2 || || ||
|-
| 3c. || (2.0) Finite State Machine || 3b || 3 wks || ||
|-
| 3d. || (3.0/4.0) Cryptographic Module Definition || 3b || 2 wks || ||
|-
| 3e. || (6.0) Software Security (rules-to-code map) || 3b || 2 wks || ||
|-
| 3f. || (8.0) Key Management Generate 20K random #'s || || 1 day || ||
|-
| 3g. || (9.0) Cryptographic Algs || 3a || 3 days || ||
|-
| 3h. || (10.0) Operational Test Plan || || 1 day || ||
|-
| 3i. || Document architectural changes between 3.2 and 3.11 || || 5 days || ||
|-
| M4 || Send docs to testing lab || || || ||
|-
| 4a. || Security Policy || || all || ||
|-
| 4b. || Finite State Machine || 3c || || ||
|-
| 4c. || Module Def. / rules-to-code || 3d,3e || || ||
|-
| M5 || Operational validation || || || ||
|-
| 5a. || Algorithm testing || || 1 month || ||
|-
| 5b. || Operational testing || 3h || 1 week || ||
|-
| 5c || set up machines for Lab to run operational tests on, provide Lab tech with access to machines (last time we both sent a box to the lab and set up a temporary account in the intranet for them) || || || ||
|-
| M6 || Internal QA of docs || M2-M5 || 1 week || all ||
|-
| M7 || Communication between NSS team / Lab / NIST about status of validation / algorithm certificates || M1-5 || 3-6 mos || all ||
|}
<BR>
=== Algorithms ===
=== Dependant Bugs ===
=== Testing Lab ===
=== FIPS 140 Information ===
no edit summary
Softoken is a component of [[NSS]], and has a separate version number. The most recent FIPS validated Softoken is 3.11.4 and is in '''NSS 3.11.4''' and '''NSS 3.11.5'''.
NSS softoken has completed FIPS 140 validation four times: 1997, 1999, 2002, and 2007. View [[ http://www.mozilla.org/projects/security/pki/nss/fips/ | NSS FIPS validation history ]] here. This page documents our recent current NSS FIPS 140 validation.
==Updates==
Spring/Summer 2009 FIPS 140 validation will be based on Softoken 3.12.x
* Level 1
** Windows XP Service Pack 2
** Solaris 10 64-bit x86_64
Plan is to validate all FIPS-approved algorithms that NSS implements and NIST has tests for. There are eight such algorithms. Previous certificates are shown for softoken 3.11.4 and we will update when new certificates are granted.
|}
{| border="1" cellpadding="2" summary="Dependent Bugs"
|-
|}
[http://www.atlanlabs.com/ Atlan Labs ]
[http://csrc.nist.gov/cryptval/ NIST Cryptographic Module Validation Program ]
[[ FIPS 140-2 Vendor Requirement Docs | FIPS 140-2 Derived Test Requirements (DTR) ]]
== Schedule ==
{| border="1" cellpadding="2" summary="schedule table"
|-
! Milestone !! Item !! Deps !! Time !! Who !! Completed
|-
| M1 || Initial Setup || || || ||
|-
| 1a || Choose validation Lab, approve costs, and sign NDA || all || || all || [http://www.atlanlabs.com/ Atlan]
|-
| 1d || Define Algorithms, Key Sizes and modes || || || ||
|-
| M2 || Complete NSS 3.12 FIPS dependant bugs || || || ||
|-
| M3 || Update documentation (numbers in parentheses refer to sections in FIPS documentation) || || || ||
|-
| 3a. || (1.0) Security policy, new algorithms || 1d || 2 wks || all ||
|-
| 3b. || Generate annotated source tree (LXR -> HTML) || M2 || || ||
|-
| 3c. || (2.0) Finite State Machine || 3b || 3 wks || ||
|-
| 3d. || (3.0/4.0) Cryptographic Module Definition || 3b || 2 wks || ||
|-
| 3e. || (6.0) Software Security (rules-to-code map) || 3b || 2 wks || ||
|-
| 3f. || (8.0) Key Management Generate 20K random #'s || || 1 day || ||
|-
| 3g. || (9.0) Cryptographic Algs || 3a || 3 days || ||
|-
| 3h. || (10.0) Operational Test Plan || || 1 day || ||
|-
| 3i. || Document architectural changes between 3.2 and 3.11 || || 5 days || ||
|-
| M4 || Send docs to testing lab || || || ||
|-
| 4a. || Security Policy || || all || ||
|-
| 4b. || Finite State Machine || 3c || || ||
|-
| 4c. || Module Def. / rules-to-code || 3d,3e || || ||
|-
| M5 || Operational validation || || || ||
|-
| 5a. || Algorithm testing || || 1 month || ||
|-
| 5b. || Operational testing || 3h || 1 week || ||
|-
| 5c || set up machines for Lab to run operational tests on, provide Lab tech with access to machines (last time we both sent a box to the lab and set up a temporary account in the intranet for them) || || || ||
|-
| M6 || Internal QA of docs || M2-M5 || 1 week || all ||
|-
| M7 || Communication between NSS team / Lab / NIST about status of validation / algorithm certificates || M1-5 || 3-6 mos || all ||
|}
<BR>
[[Category:NSS]]