> Are the specific results of the various tests a available to review? Not to my knowledge. Generally, the only thing that is public is a binary "yes/no" on the test results, and some (often detailed) description of the product's features that were tested. For examples of the latter, see the FIPS 140 Security Policy documents, which NIST published on their web site, or the Security Policy documents for products that PCI certifies.
For those who are curious, you can find the 4767 (Crypto Express5S) card's FIPS 140 Security Policy here: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3164.pdf. You can find the 4768 (Crypto Express6S) card's PCI HSM Security Policy here: https://www.pcisecuritystandards.org/ptsdocs/4-20333IBM_4768_PCI-HSM_Security_Policy_v1.11-1532367386.40602.pdf ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
