<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic FIPS or CC validation in Intel® Software Guard Extensions (Intel® SGX)</title>
    <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/FIPS-or-CC-validation/m-p/1183894#M3634</link>
    <description>&lt;P&gt;Is Intel aware of or currently involved in any&amp;nbsp;effort to validate&amp;nbsp;or certify SGX according to formal specifications such as FIPS 140 or Common Criteria? We are faced with customers who would value such validation, and we are wondering if anything can be said along those lines.&lt;/P&gt;</description>
    <pubDate>Tue, 11 Feb 2020 14:18:48 GMT</pubDate>
    <dc:creator>Lauritzsen__Roar</dc:creator>
    <dc:date>2020-02-11T14:18:48Z</dc:date>
    <item>
      <title>FIPS or CC validation</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/FIPS-or-CC-validation/m-p/1183894#M3634</link>
      <description>&lt;P&gt;Is Intel aware of or currently involved in any&amp;nbsp;effort to validate&amp;nbsp;or certify SGX according to formal specifications such as FIPS 140 or Common Criteria? We are faced with customers who would value such validation, and we are wondering if anything can be said along those lines.&lt;/P&gt;</description>
      <pubDate>Tue, 11 Feb 2020 14:18:48 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/FIPS-or-CC-validation/m-p/1183894#M3634</guid>
      <dc:creator>Lauritzsen__Roar</dc:creator>
      <dc:date>2020-02-11T14:18:48Z</dc:date>
    </item>
    <item>
      <title>Hello Roar,</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/FIPS-or-CC-validation/m-p/1183895#M3635</link>
      <description>&lt;P&gt;Hello Roar,&lt;/P&gt;&lt;P&gt;FIPS and the like&amp;nbsp;don’t certify instructions or Trusted Execution Environments&amp;nbsp;like SGX provides. They certify crypto algorithms and functions at the lower levels and even hardware components (chassis intrusion detection, environmental conditions or fluctuations, even protections against radiation/EMP) at the upper levels.&amp;nbsp; Some orgs have used SGX and gotten FIPS 140-2 certifications, e.g.&amp;nbsp;&lt;A href="https://www.wolfssl.com/wolfssl-intel-sgx-fips-140-2/" style="color:#0563c1; text-decoration:underline"&gt;WolfSSL&lt;/A&gt; and &lt;A href="https://www.fortanix.com/company/news/pr/2019/10/fortanix-awarded-fips140-2-level-3-certification/" style="color:#0563c1; text-decoration:underline"&gt;Fortanix&lt;/A&gt;,&amp;nbsp;using SGX, but you can’t actually get a FIPS certification for SGX itself.&amp;nbsp; This&amp;nbsp;&lt;A href="https://www.wikiwand.com/en/FIPS_140-2" style="color:#0563c1; text-decoration:underline"&gt;Wiki&lt;/A&gt; has a good description.&lt;/P&gt;&lt;P&gt;Regards,&lt;/P&gt;&lt;P&gt;Jesus&lt;/P&gt;&lt;P&gt;Intel Customer Support&lt;/P&gt;</description>
      <pubDate>Wed, 12 Feb 2020 16:45:20 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/FIPS-or-CC-validation/m-p/1183895#M3635</guid>
      <dc:creator>JesusG_Intel</dc:creator>
      <dc:date>2020-02-12T16:45:20Z</dc:date>
    </item>
  </channel>
</rss>

