FIPS 140-2 and User Roles
I know that FIPS 140-2 provides roles (Crypto Officer and User), but I can’t seem to find the answers to two very specific questions.
1. If a PC operator is the User Role (AKA not a local administrator) and somehow promotes themselves to be local administrator (AKA Crypto Officer), which allows them access to the key through manage-bde, are they still compliant? In other words, can the standard operator or user who requires FIPS 140-2 be a Crypto Admin and still be compliant?
The article from NIST (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp947.pdf) does not give that much detail and the FIPS standard is very vague. From what I read, it sounds like the roles have to be separated and any overlap would mean non-compliance. Any clarification would be great.
Many thanks to anyone able to clarify this for me!
January 4th, 2011 8:45am