Samsung OpenSSL Cryptographic Module
FIPS 140-2 Security Policy
© 2013 Samsung/atsec information security. This document can be reproduced and distributed only whole and intact,
including this copyright notice.
4 of 24
1. Introduction
This document is a non-proprietary FIPS 140-2 Security Policy for the Samsung OpenSSL
Cryptographic Module. It contains a specification of the rules under which the module must
operate and describes how this module meets the requirements as specified in FIPS PUB 140-2
(Federal Information Processing Standards Publication 140-2) for a Security Level 1 multi-chip
standalone software module.
1.1. Purpose of the Security Policy
There are three major reasons that a security policy is required:
it is required for FIPS 140-2 validation,
it allows individuals and organizations to determine whether the cryptographic module, as
implemented, satisfies the stated security policy, and
it describes the capabilities, protection, and access rights provided by the cryptographic
module, allowing individuals and organizations to determine whether it will meet their
security requirements.
1.2. Target Audience
This document is intended to be part of the package of documents that are submitted for FIPS
validation. It is intended for the following people:
Developers working on the release
FIPS 140-2 testing lab
Crypto Module Validation Program (CMVP)
Consumers