Standards Compliance

CDK 7.0 was awarded NIST FIPS 140-1 Level 1 Certificate No. 347. Certification was performed by a NIST-accredited laboratory that did souce code level validation of all supported FIPS approved algorithms and security interfaces. Review and oversight was provided jointly by NIST and CSE. Only products containing FIPS 140-validated security modules may be purchased and used for the processing of sensitive data by agencies of the U.S. Federal Government. Such products are also recommended by the Government of Canada.

 
NIST NOTE: FIPS 140-2 is now in effect. However, Federal agencies may continue to purchase, retain and use FIPS 140-1 validated modules.
 
At the time of validation, there were no formal NIST test suites for certain FIPS approved algorithms. In these cases we ran standard industry tests, provided letters of compliance assurance to NIST, and the NIST-accredited CMT lab checked the source code and test results. These algorithms are marked VA (for "Vendor Affirmed") in the NIST certificate column of the table below.
 
Cryptographic functions provided by ISC CDK 7.0 comply with all relevant specifications in the NIST, ANSI, ISO, IETF, IEEE, and industry standards cited in the following table:
 
FIPS Approved
Algorithms
Relevant Standards and Other References
NIST Certificate
RSA FIPS 186-2; ANSI X9.31-1998;
RFC2437 (PKCS#1v2.0), RFC3447 (PKCS#1v2.1); ANSI X9.44; IEEE 1363-2000
VA
DSA FIPS 186-2; ANSI X9.30-1997
#65
ECDSA FIPS 186-2; ANSI X9.62-1998;
IEEE 1363-2000
  VA
DH RFC2631; ANSI X9.42-1998;
IEEE 1363-2000
 
ECDH ANSI X9.63; IEEE 1363-2000
 
AES FIPS 197; NIST SP-800-38A; NIST SP-800-38C; DRAFT NIST SP-800-38B; CNSS Policy No. 15; RFC3565
#9
TDES FIPS 46-3; ANSI X9.52-1998; NIST SP-800-38A; NIST SP 800-20; DRAFT NIST SP 800-67
DES (deprecated) FIPS 46-3; ANSI X3.92 
Skipjack/EES FIPS 185; NIST/NSA specification; NIST SP 800-38A
#9
SHA-1 FIPS 180-2; ANSI X9.30 Part 2;
ISO/IEC 10118-3:1998
SHA-24/256/384/512 FIPS 180-2; NIST specifications
 
HMAC-SHA-1 FIPS 198; RFC2104; ANSI X9.71
#100, VA
PRNG FIPS 186-2; FIPS 140-2 Annex C; NIST SP 800-22  
Password Generation FIPS 181
 
Not FIPS Approved
Relevant Standards and Other References
DESX IETF ID; (analysis by J. Kilian and P. Rogaway)
RC2 RFC3217; RFC2268  
RC4 RFC2246 (SSL/TLS); "Arcfour" internet-draft  
MD2 RFC1319  
MD5 RFC1321  
HMAC-MD5 RFC2104; ANSI X9.71
Also Available
Relevant Standards and Other References
KEA NIST/NSA specification; RFC2528; RFC3279; SDN.701
MQV, ECMQV IEEE 1363-2000
OAEP RFC2437 ( PKCS #1v2.0); RFC3560; IEEE 1363-2000 
RIPEMD-160 ISO/IEC 10118-3:1998; (A. Bosselaers website); RFC2857
 
In addition to the algorithms listed in the first part of the above table, CDK 7.0 includes:
  • X.509v3 certificate and CRL handling (RFC2459, RFC3279, RFC3280, NIST SP 800-15)
  • support for the creation and parsing of PKCS#7/8/10/12 PDUs and S/MIMEv3 CMS PDUs (RFC3370. RFC3851, RFC3852)
  • key derivation functions for PKCS#5 PBE and various ANSI and PKCS#1/3/5/8 (RFC2313-2315) padding, encoding, and decoding functions
  • pseudo-random number generation, primality testing, and routines for low-level modular exponentiation and other high-precision arithmetic operations (in rings of integers, finite fields, and elliptic curves)
  • simple SSLv3/TLS client support
 

ISC Cryptographic Development Kit - User's Guide
ISC website
Questions? E-mail ISC technical support
Copyright© 2002-2006 Information Security Corp. All rights reserved.