Skip to Content

7 Comments

You must be Logged on to comment or reply to a post.

  1. Dirk Van Wie

    Annette, what is the current status  on FIPS 140-2?  The blogs are stale.  The assumption was that certification would be completed by September 2013.  That was almost a year ago.  Should we move to Secude and stop paying maintenance fees on Netweaver SSO?

    (0) 
      1. Martin Voros

        I don’t have any experience with FIPS validation process but based on this definition of coordination it’s impossible to tell if it’s promising or not. Every testing/review results in some comments/issues that need to be addressed. It really depends on how serious the findings are. That table also shows that most of the products are in this category. So it’s really hard to tell.

        Cheers

        (0) 
    1. Annette Fuchs Post author

      Hi Dirk, and all others who commented on this blog,

      SAP submitted all evaluation results and required documentation to the certification body NIST/CMVP in April 2013.

      In the “coordination phase” the NIST/CMVP specialists comment on the submitted documents and are in exchange with the validating certification lab. Sometimes these discussions can be very long and extensive and also there happen to be delays because the involved people are not always available. The clarification process seems to be finished by now but we have not heard back from NIST/CMVP, yet. SAP has no influence on the process, its progress or the speed in which its is conducted.

      (0) 
  2. Dirk Van Wie

    Annette, thank you for the feedback.  At one point last year, I had a copy of the FIPS 140.2 certification from the TuV.  Is that something you could post or otherwise make available?

    (0) 
    1. Annette Fuchs Post author

      I just received information from our evaluation lab that NIST/CMVP requested another change to our security policy. The required change should be the last one and will be submitted within this week. According to the lab the certificate should be there soon then.

      (0) 

Leave a Reply