This week, FedRAMP published two tips for Cloud Service Providers(CSPs):
Cloud Service Providers (CSPs)
TIP: To access the document that lists all of the cryptographic modules that have been submitted for evaluation and are currently in process, please visit: http://csrc.nist.gov/groups/STM/cmvp/inprocess.html
The title of the document is “Cryptographic Module Validation Program FIPS 140-2 Modules In Process List“
On this page, anyone can determine the status of any cryptographic modules that have been submitted to NIST for evaluation. The categories available are:
- Review Pending
- In Review
- Coordination (this process may be iterative)
- Finalization
Once you are on this page, please see the right hand side of the page for a url for “Validated Modules.” Clicking this link reveals another page where there is another link, “SEARCH our database of validated modules.”
Here anyone can search for the product validation and the modules via the certificate number, the name of the vendor, or the name of the module, or all three if these are available.
Cloud Service Providers (CSPs)
TIP: Be mindful of references to several assorted documents within the System Security Plan (SSP).
It’s important that referenced information should be accessible for the customers that would like to review the packages ahead of time.
More Information
Read more about this week’s FedRAMP’s Tip and cues here