7 Jan 2010, 9:07 a.m.
#include <standard debate about the value, or lack thereof, of FIPS 140 certification>
Because, IIRC, the standard just certified the vendor's implementation of the actual encryption algorithm, not the device as a whole or what happens outside encryption. I might be wrong, as it's been two years since I looked at this, but I think that was the problem we ran into when trying to find a FIPS 140-2 compliant Bluetooth device for one of the flag officers I was supporting (per the DISA Wireless STIG requirement: http://iase.disa.mil/stigs/stig/wireless_stig_v6r1_6aug2009.zip). At the end of the day we couldn't find an acceptable one, but being a flag he just signed off on using a non-approved one anyways, because flags are special like that.

-Peter