wolfSSL earns first SP800-140Br1-compliant FIPS 140-3 Validation Certificate
NewsJuly 17, 2024
EDMONDS, Wash. Network security/cryptography provider wolfSSL announced that it secured the world's first SP800 140Br1-compliant FIPS 140-3 Validation Certificate #4718 for wolfSSL's wolfCrypt module.
The company's announcement calls FIPS 140-3 validation testing "a rigorous and extensive process" that includes in-depth source code reviews, design reviews, documentation reviews, finite state machine verifications, CVE threat analysis, error injection, port sniffing, configuration management verifications, operational testing and test evidence auditing to the applicable requirements of the FIPS 140-3 Derived Test Requirements and FIPS 140-3 Implementation Guidance. The National Institute of Standards and Technology (NIST) under the Cryptographic Module Validation Program (CMVP) issues the 140 Publication Series to coordinate the requirements and standards for cryptographic modules for use by departments and agencies of the U.S. federal government.
According to the announcement, with the wolfCrypt FIPS 140-3 module self-tests are now required only the first time an algorithm is used or when the application decides is an ideal time to run the test during a slower event cycle and ahead of first algorithm use, which leads to much faster boot times and optimal power and resource consumption with careful planning.
wolfSSL partnered with cybersescurity testing lab Aegisolve; Aegisolve is accredited by the National Voluntary Laboratory Accreditation Program for Cryptographic and Security Testing to assess and validate cryptographic based security systems and telecommunications infrastructure.
