1
Introduction
1.1
Overview
This is a non-proprietary Federal Information Processing Standard (FIPS) 140-2 Se-
curity Policy for Certicom's Security Builder R
FIPS Module Version 2.4 (SB FIPS
Module). SB FIPS Module is a cryptographic toolkit for C language users, provid-
ing services of various cryptographic algorithms such as hash algorithms, encryption
schemes, message authentication, and public key cryptography. This Security Policy
specifies the rules under which SB FIPS Module must operate. These security rules are
derived from the requirements of FIPS 140-2 [1], and related documents [6, 7, 8].
1.2
Purpose
This Security Policy is created for the following purposes:
1. It is required for FIPS 140-2 validation.
2. To outline SB FIPS Module's conformance to FIPS 140-2 Level 1 Security Re-
quirements.
3. To provide users with how to configure and operate the cryptographic module in
order to comply with FIPS 140-2.
1.3
References
References
[1] NIST Security Requirements For Cryptographic Modules, FIPS PUB 140-2, De-
cember 3, 2002.
[2] NIST Security Requirements For Cryptographic Modules, Annex A: Approved
Security Functions for FIPS PUB 140-2, May 19, 2007.
[3] NIST Security Requirements For Cryptographic Modules, Annex B: Approved
Protection Profiles for FIPS PUB 140-2, November 4, 2004.
[4] NIST Security Requirements For Cryptographic Modules, Annex C: Approved
Random Number Generators for FIPS PUB 140-2, March 19, 2007.
[5] NIST Security Requirements For Cryptographic Modules, Annex D: Approved
Key Establishment Techniques for FIPS PUB 140-2, March 19, 2007.
[6] NIST Derived Test Requirements for FIPS 140-2, Draft, March 24, 2004.
[7] NIST Implementation Guidance for FIPS PUB 140-2 and the Cryptographic
Module Validation Program, March 19, 2007.
[8] NIST Frequently Asked Questions for the Cryptographic Module Validation Pro-
gram, December 8, 2006.
5