Experiences with the Entropy Source Validation (N23b)
The assessment and testing of an entropy source is one of the most complex and most fascinating processes in a FIPS 140-3 validation. This year, we saw the Entropy Source Validation grow from one step in a module’s validation, to its own beast, requiring separate accreditation, subject-matter experts, documentation and submission path. This talk will show experience with the challenges that a lab encounters during the ESV work. These experiences include documentation of specific items, the submission process, its tools, and the speaker’s own customized tools. Questions that arise when a similar entropy source is used in different operational environments: possible validation and revalidation scenarios, and scenarios that might not exist yet.