Is there a document that lists the appropriate 800-56a standards the OpenSSL FIPS module conforms to and for each applicable section listed in the 800-56a standard as conforming, is there a listing for all statements that are not "shall" (that is, "shall not", "should", and "should not")? If the included functionality is indicated as "shall not" or "should not" in the 800-56a standard, then is there a document providing rationale for why this will not adversely affect the security policy implemented by the OpenSSL FIPS module. Is any omission of functionality related to "shall" or “should” statements described?
I have looked at the document OpenSSL FIPS Object Module Version 2.0.2 and looked at table 4a but did not find a detailed discussion on how it satisfies the 800-56a standard. Thanks, John Corbin
