|Applies To||RSA BSAFE® Crypto-C Micro Edition 4.1|
RSA BSAFE® Crypto-C Micro Edition 188.8.131.52
RSA BSAFE® Crypto-C Micro Edition 4.1.2
RSA BSAFE® Crypto-C Micro Edition 184.108.40.206
|Issue||On January 1st 2018, NIST moved the cryptographic module certificate numbers 2294 and 2300 to the Historical list, preventing any product referencing those certificates to be included by Federal Agencies's new procurements.|
|Cause||The CMVP announced their process for managing the transition of the AES key wrap method of key establishment at https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Notices.|
According to the notice the CMVP has removed the current FIPS 140-2 certificates for the BSAFE- C toolkits from the CMVP active validation list and put them in the historical list. These certificates are number 2294 and 2300, which cover the same Crypto-C ME releases for modules that have different validation levels for authentication.
Certificates on the historical list cannot be found by normal searches of the CMVP validation list and cannot be sold to US government customers.
What caused the certificates 2294 and 2300 to be moved to the historical can be explained by the following:
The modules with validated AES key wrap are now on the historical list because they share he same module certificate with CCME 220.127.116.11 which does not have the same validation.
The current security policy for these modules shows CAVP certificates for AES key wrap for CCME 4.1.2 and CCME 18.104.22.168 and notes that CCME 4.1 and 22.214.171.124 are different.
|Resolution||New Security Policy documents have been submitted to CMVP that disallows the use of AES key wrap algorithms when using CCME 4.1 and 126.96.36.199 used in FIPS 140-2 mode.|
As of January 31st 2018, the module certificates #2294 and #2300 are back on the validated list.
Please review the module certificates and new security policy documents at the following locations: