Fedora Hard Disk Encryption and FIPS 140-2 Compliance

Robert G. (Doc) Savage dsavage at peaknet.net
Mon May 24 15:24:55 UTC 2010


On Mon, 2010-05-24 at 10:42 -0400, Edmon Begoli wrote:
> Does anyone know if Fedora's HD encryption is, or could it be, compliant with
> US NIST requirement for hard disk encryption included in NIST FIPS 140-2?
> 
> http://csrc.nist.gov/groups/STM/cmvp/#05
> 
> Thanks.

FIPS compliance testing is a cumbersome and expensive exercise in
paperwork. It's usually farmed out to a 3rd party "independent lab" for
upwards of $20K per cert. The only open source software project I know
that has successfully obtained FIPS 140-2 compliance certification is
OpenSSL, and they took on the task themselves.

Note that the requirement for FIPS compliance was brought about by FISMA
2002. This law and NIST's implementation have been justly criticized for
their emphasis on paperwork documentation in the certification and
accreditation (C&A) process. Security experts estimate upwards of 80% of
C&A budgets are being wasted on such "binder-ware". A new FISMA 2010 is
making its way through Congress that will change that emphasis to more
practical measures like pen-testing and automated status monitoring.

--Doc Savage
  Fairview Heights, IL
