3

I have a FIPS-compliant solution which has a few libraries which are non-FIPS-compliant. These non-FIPS-compliant libraries are dead code which is not used. Is this acceptable for FIPS compliance auditing?

Do we need to remove the non-FIPS-compliant libraries from our solution? Please confirm.

Manish Jain
  • I have asked a similar question and am still looking for an answer. https://stackoverflow.com/questions/63790576/will-application-pass-fips-certification-if-we-use-md5-only-to-calculate-unique – Sergey Maruda Sep 08 '20 at 09:55

1 Answer

1

If they are dead code, then it's not a problem, because in any case one may not be able to reach it through pen testing. But it's suggested to remove dead code if it's not required.

livesamarthgupta