wolfSSL Inc: Latest news on FIPS cert #3389

wolfSSL is extremely proud to announce that an additional 18 OEs (Operating Environments) have been added to cert #3389 with only a 62-day turnaround from the CMVP between submission and approval: Feb 23 2023 – April 26 2023.


Cert Location: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3389
SunSet Date: 3/3/2024

Operating Environments validated (raw count): 73
Operating Environments validated (non-PAA specific): 50

The 18 OEs that were added to cert #3389 are as follows:

  1. Linux 3.10 (CentOS 7) Intel® Atom™ CPU D525 @ 1.80GHz with PAA Beckman Coulter PROService RAP BOX 4.3.2
  2. Linux 3.10 (CentOS 7) Intel® Atom™ CPU D525 @ 1.80GHz without PAA Beckman Coulter PROService RAP BOX 4.3.2
  3. Yocto (dunfell) 3.1 AMD GX-412TC SoC with PAA LinkGuard 4.3.2
  4. Yocto (dunfell) 3.1 AMD GX-412TC SoC without PAA LinkGuard 4.3.2
  5. Linux 5.4 Intel® Xeon® Gold 5218 CPU @ 2.30GHz LiveAction LiveNX Appliance 4.3.2
  6. Windows 10 Pro Intel® Core™ i7-1255U @ 1.70 Ghz Dell Precision 3570 4.3.2
  7. Debian GNU/Linux 8 (jessie) Intel® Atom™ C2558 @ 2.40GHz ufiSpace Cloud and Data Center Switch S7810-54QS 4.3.2a
  8. FreeBSD 10.3 on VMWare ESXi 7.0 Intel® Xeon® Silver 4210 @ 2.20GHz Supermicro X11DPH-i 4.3.2a
  9. Linux 5.15 on VMWare ESXi 7.0 Intel® Xeon® Silver 4210 @ 2.20GHz Supermicro X11DPH-i 4.3.2a
  10. Debian GNU/Linux 8 (jessie) Broadcom BCM5634 Corning 1LAN-SDDP24POE 4.3.2a
  11. Linux IPHO00550F22 4.1 Broadcom BCM6858 Corning 1LAN-SDAN-7691 4.3.2a
  12. Linux IPHO00559B23 3.4 Broadcom BCM6838 Corning 1LAN-SDAN-7290 4.3.2a
  13. macOS Monterey 12.5 Intel® Core™ i7-8569U @ 2.80Ghz with PAA Macbook Pro 4.3.2a
  14. Windows 11 Enterprise Intel® Core™ i7-10610U @ 1.80Ghz with PAA Dell Latitude 7410 4.3.2a
  15. macOS Monterey 12.5 Apple M1 Max with PAA Macbook Pro 4.5.4a
  16. VxWorks 7 SR0630 Intel® Core™ i7-5850EQ @ 2.70GHz F-16 WASP 4.3.2a
  17. macOS Monterey 12.5 Apple M1 with PAA Macbook Air 4.5.4b
  18. macOS Monterey 12.5 Apple M1 without PAA Macbook Air 4.5.4b

This brings the total count of OEs tested and validated by wolfSSL Inc (vendor) in collaboration with UL Verification Services Inc (NVLAP accredited FIPS lab) under cert #3389 to a whopping total of 77! 4 OEs that had originally been tested and validated prior to SP800-56A Rev3 requirements were dropped from cert #3389 during the retesting effort leaving a total of 73 tested and validated Operating Environments under FIPS certificate #3389.

For a full list of all 73 tested and validated Operating Environments please checkout FIPS cert #3389 using the link to the certificate at the top of this blog post. If you have any questions about adding an OE please contact wolfSSL at fips@wolfssl.com anytime.

NEWS and the future of FIPS at wolfSSL and cert 3389:

As we approach the SunSet date of cert #3389, which is coming in March of 2024, wolfSSL would like to take this opportunity to address a few topics that regularly come up regarding impact of current and future projects.

  • Once a certificate is moved to the historical list a banner is placed at the top of that cert that states: “Historical – The referenced cryptographic module should not be included by Federal Agencies in new procurements. Agencies may make a risk determination on whether to continue using this module based on their own assessment of where and how it is used.
    • This means the certificate is unlikely to be acceptable for NEW contracts/projects, and can sometimes also impact ongoing software/firmware updates on previously closed contracts/projects. It is up to the purchase authority to weigh the RISK of using older FIPS certificates prior to making an acquisition for a project involving a FIPS requirement.
    • It is not unheard of that already fielded products may continue to ship software/firmware updates under a historical certificate.
      • To that end wolfSSL will continue to maintain, test and support cert #3389 FIPS modules long after cert #3389 is moved to the historical list on behalf of any customers still dependent upon it.
    • Those customers looking to close on NEW contracts/projects with a FIPS requirement will be happy to hear that wolfSSL Inc was one of the first 20 vendors in the world to be in process for FIPS 140-3 and estimates are that the wolfCrypt module is currently #16 in the CMVP queue for receiving a FIPS 140-3 certificate.
      • To-date only 3 vendors (Apple, AMD and VMware) have received 140-3 certificates none of which are commercial FIPS module offerings. wolfSSL anticipates being one of the first (if not THE first) commercial FIPS offering in the world for FIPS 140-3!
  • Cert #3389 can not be extended beyond March of 2024 unless the CMVP decides to change their extension policies regarding FIPS 140-2 given that FIPS 140-3 modules are taking SO long to be approved.
    • wolfSSL Inc feels the likelihood of such an extension policy change is small however the probability does exist and is worth mentioning
  • wolfSSL is seeing great demand from the industry for 140-3 as soon as it is available. wolfSSL Inc anticipates adding 25 (or more) OEs in the first year after receiving 140-3 certification for the wolfCrypt module. This means there may be a delay if one hesitates too long, please start planning FIPS projects today and get wolfSSL hardware ASAP to have an OE validated under the wolfSSL Inc 140-3 certificate once it is issued!

Are you interested in FIPS? Contact us at facts@wolfssl.com to find out how we can help you.