action #100572
closed[sle][security][sle15sp4][feature][manual] SLE-21216 - QA: FIPS 140-3: make Mozilla-NSS module ready for certification process
100%
Description
https://jira.suse.com/browse/SLE-21216
Prepare Mozilla-NSS module for certification process under FIPS 140-3 standards. Make all code changes necessary, in Mozilla-NSS, to comply with FIPS 140-3 standards to pass the validation process of NIST and obtain the FIPS certificate for the module.
Confirmed platforms:
x86_64 intel
x86_64 AMD
aarch64
s390x zX (exact platform not yet specify)
Platforms under evaluation, pending for confirmation:
IBM Power 9/10
Algorithms:
9 algorithms:
AES
SHS
HMAC
DRBG
RSA
DSA
ECDSA
ECDH
DH
*Note that we identified 10 algorithms at the beginning, including Triple-DES, however we decided to not include it due to its sunset in 2022.
Standards:
The standards to follow are the FIPS 140-3. See:
https://www.atsec.com/wp-content/uploads/2020/11/atsec_FIPS-140-3_vs_140-2.pdf
Updated by bchou about 2 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
- Estimated time set to 40.00 h
We are still testing FIPS140-3 during the RC phase currently. The test scope and test plan are discussed with the Cert team already. Some confluence links can be referenced. Thank you.
FIPS-140-3-SLE15-SP4 Scope Test Plan
FIPS-140-3-SLE15-SP4 Schedule Test Plan
FIPS 140-3 QA Test Status
SLES15-SP4-Security-FIPS-Regression-Test (RC phase)
The overall test will be completed before the middle of May.