FIPS 140-2 Compliance for products based on SE050F

JimLin2023 · ‎11-29-2023

Hi NXP team, I'm going to develop a USB dongle with SE050F + some MCU.

One reason I chose SE050F is that it's FIPS140-2 compliant. I'm not familiar with the FIPS qualification.

Could you help explain what other work I need to do to make this whole USB dongle FIPS 140-2 compliant?

I may also build some software tools on PC to work with this USB dongle. Do I need to qualify the software tool as well?

Thanks a lot and look forward to your reply.

JimLin2023 · ‎12-02-2023

Thanks a lot Kan. This is helpful.

May I know what's the FIPS 140-3 element under certifying?

Kan_Li · ‎11-30-2023

Hi @JimLin2023 ,

Actually it depends on what you want to achieve – everybody can say they implemented something FIPS140-2 compliant – e.g. via using certified components. Still the certification boundary is then the lower layer component and not the whole device. If you need to claim a certification of the device you still need to certify the solution – which shall be much easier when using FIPS certified components. Please note that SE050 is certified to FISP140-2 and you cannot certify the version 2 anymore as the standard evolved to version 3. We have a FIPS140-3 secure element in certification process, but this is still not completed by NIST.

Hope that makes sense,

Have a great day,
Kan

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------