Leading the way in embedded security
The OpenSSL Software Foundation (OSF) recently announced the awarding of a FIPS 140-2 Level 1 validation for version 2.0 of the OpenSSL FIPS Object Module. This was the culmination of huge effort by the OSF and a rigorous evaluation by the Cryptographic Module Validation Program, a joint effort between the U.S. National Institute of Standards and Technology and CSE (the Canadian Security Establishment). Opengear was proud to be a commercial sponsor of this validation along with the Defense Advanced Research Projects Agency (DARPA) and the Department of Homeland Security’s Science and Technology Directorate.
FIPS 140-2 is a US and Canadian technical security standard that is widely recognized world-wide and was the basis for ISO/IEC19790:2006 Security requirements for cryptographic modules. FIPS 140-2 validation is mandated for IT products procured for use in the U.S. government for protecting sensitive but unclassified information. The OpenSSL FIPS Object Module is a cryptographic module intended for use with the OpenSSL cryptographic library and toolkit. It is provided in the form of freely available open source code and is extremely popular, being used in many open source and commercial security products including those made by Opengear.
Opengear has a long history of supporting the efforts of the OSF, sponsoring validations and supplying products used to monitor and manage the extensive collection of hardware platforms required for the v2.0 FIPS 140-2 validation. We are particularly proud that we were instrumental in enabling the wide use of OpenSSL in validated embedded devices starting in 2009. Opengear was the sole sponsor of an extension to the OpenSSL FIPS Module v1.2 validation to include, for the first time, support for cross-compilation and ARM processors. Previously, the FIPS 140 validation had been limited to x86 processors more typically used in laptops, desktops and servers. Embedded processors, ARM being the most popular, are used in a huge range of different devices ranging from IT equipment such as routers, switches and firewalls to consumer products like smartphones and tablets.
Opengear applauds the efforts of the OSF and congratulates them on another successful FIPS 140-2 validation. The availability of the OpenSSL FIPS Object Module allows companies like Opengear to build robust, secure and validated products without a large investment in buying or building and validating basic cryptographic technology. This leverage benefits the whole IT ecosystem and Opengear will continue to take a lead role in future validations.