Tripwire Cryptographic Module FIPS 140-2 Security Policy
©2010 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. All rights
reserved.
Introduction
The Tripwire Cryptographic Module (S/W Versions: 1.1 and 1.2) is a software-only,
multi-chip standalone cryptographic module designed to provide FIPS validated
cryptographic functionality for Tripwire, Inc. products. It implements interfaces for
encrypting sensitive data and for facilitating secure TLS communication channels.
The cryptographic module was tested on the following operational environment (in single
user mode):
· Windows Server 2003 (32-bit)
· Sun Microsystems Java Runtime Environment Version 1.5
As per FIPS 140-2 Implementation Guidance G.5, the cryptographic module will remain
compliant with the FIPS 140-2 validation when operating on any general purpose
computer (GPC) provided that the GPC uses the specified single user operating system,
or another compatible single user operating system such as any of the following:
· Microsoft Windows
· RedHat Enterprise Linux
· SUSE Linux
· Solaris
· IBM AIX
· HP-UX
· IBM i5/OS
· IBM z/Linux
Security Levels
The Tripwire Cryptographic Module is validated according to the following FIPS 140-2
defined levels.
Overall                                               Security Level 1
Area 1 - Cryptographic Module Specification           Security Level 1
Area 2 - Cryptographic Module Ports and Interfaces    Security Level 1
Area 3 - Roles, Services, and Authentication          Security Level 1
Area 4 - Finite State Model                           Security Level 1
Area 5 - Physical Security                            Security Level 1
Area 6 - Operational Environment                      Security Level 1
Area 7 - Cryptographic Key Management                 Security Level 1
Area 8 - EMI/EMC                                      Security Level 3
Area 9 - Self-Tests                                   Security Level 1
Area 10 - Design Assurance                            Security Level 3
Area 11 - Mitigation of Other Attacks                 Security Level 1