Entropy Source Validation Testing

What atsec offers

The CMVP requires that all FIPS 140-2 and FIPS 140-3 module validation submissions include documentation justifying conformance to SP 800-90B if applicable. SP 800-90B, along with FIPS 140-2 Implementation Guidance (IG) documents 7.18, 7.19, and 7.20 and corresponding FIPS 140-3 IGs D.J, D.K, and D.O, outline the requirements for an entropy source to be included in a FIPS-approved cryptographic module.

This involves statistical analysis of raw entropy data (one million samples) collected from a continuous run of the noise source, as well as raw entropy data (another million samples) collected by concatenating 1,000 samples after a restart of the noise source with a total of 1,000 restarts. The design and operation of the noise source needs to be documented and reviewed.

atsec offers ESV testing as an accredited laboratory (NVLAP Lab code #200658).

The following entropy source implementations were tested by the atsec laboratory:

Vendor
Implementation
Certificate
Date
F5, Inc.
CPU Jitter RNG
 E16
2023-01-25
Apple Inc.
Apple corecrypto v11.1 non-physical entropy source
 E15
2023-01-19
Apple Inc.
Apple corecrypto v11.1 physical entropy source
 E14
2023-01-19
IBM
IBM Capri ASIC Entropy Source
 E9
2022-12-16
Red Hat, Inc.
Kernel CPU Time Jitter RNG Entropy Source
 E8
2022-12-02