httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sander Temme <>
Subject Re: [users@httpd] Is Apache2.2 FIPS compliant?
Date Sat, 12 Jan 2008 16:37:49 GMT

On Jan 12, 2008, at 6:34 AM, robingandhi21 wrote:

> Please let me know if anybody have any idea of Apache2.2 being FIPS
> compliant?

By itself, no.  Apache does not do anything special for key management  
or access control to key material.  However, Apache can use a FIPS 140  
certified Hardware Security Module like nCipher's nShield card and use  
keys protected by its Security World.  This will make you FIPS 140-2  
Level 2 or 3 compliant.

Note: I work for nCipher.  Let me know if you'd like more information  
about using hardware-protected keys.


Sander Temme
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF

View raw message