Oracle announces FIPS 140-2 Validations for Solaris Cryptographic Framework
By Joshua Brickman-Oracle on Mar 07, 2014
Oracle is pleased to announce that the Oracle Solaris Cryptographic Framework has achieved a FIPS 140-2 validation with overall compliance at Level 1 of the standard. Conformance with the FIPS 140-2 standard provides assurance to government and industry purchasers that products are correctly implementing cryptographic functions as the FIPS 140-2 standard specifies.
FIPS 140-2 is a public sector procurement requirement in both the United States and Canada for any products claiming or providing encryption.
The FIPS 140-2 program is jointly administered by the US and Canada. In the US, the program is administered by NIST (National Institute of Standards and Technology) through the CMVP (Cryptographic Module Validation Program). In Canada, the program is administered by the Communications Security Establishment of the Government of Canada (CSEC).
The Oracle Solaris Cryptographic Framework provides basic cryptographic algorithms and services to the Solaris Operating System and application consumers. The framework is available for both kernel and user-level consumers. The Kernel Cryptographic Framework was awarded certificate #2061 for Intel and SPARC64 processors and certificate #2060 for SPARC T4 and T5 processors. The Userland Cryptographic Framework was awarded certificate #2077 for Intel and SPARC64 processors and certificate #2076 for SPARC T4 and T5 processors. The certificates, and accompanying public Security Policy, can be viewed on the CMVP website here.
For more information on Oracle’s participation in the FIPS 140-2 validation program, please visit the main FIPS 140-2 information page. For a complete list of Oracle products with FIPS 140-2 validations and Common Criteria certifications, please see the Security Evaluations website:
( http://www.oracle.com/technetwork/topics/security/security-evaluations-099357.html ).