9. Is Bouncy Castle FIPS-140 certified?
At the moment, while we support most of the algorithms, the answer is no. We now have a FIPS ready API which is now making its way through the NIST queue and has been through algorithm and lab testing and we are offering certified API with a release version of 1.0.0. Work on 1.0.1 has also begun. Access to the unreleased 1.0.1 version is available under an early access program which we offer to people and organisations who either donate 5000 USD, or more, to the project or hold Bouncy Castle support contracts, Bronze level or above, through Crypto Workshop . The early access program also includes the CAVP test harness and other documentation in full source. If you are interested in donating to this effort in general you can donate at our donations page. Contact or contact us at firstname.lastname@example.org if you would like further details. The 1.0.0 version is available at https://www.bouncycastle.org/fips-java
10. If I am using the Bouncy Castle FIPS APIs is my application also FIPS compliant?
11. What is Bouncy Castle's export classification in the United States of America?
At the time of writing (16 May 2007Originally (pre 2017) Bouncy Castle is was approved classified under ECCN code 5D002 and approved for export under License Exception TSU. As at this time of writing (June, 2017) the ECCN code for open source software like Bouncy Castle that has been registered (as in reviewed by BIS and released from “EI” and “NS” controls pursuant to §742.15(b) of the EAR), is now 5D992.c If you also need to list algorithms available in the provider and the strengths supported, you can find the information in the specifications.html file provided with the distribution you are using. See The Bureau of Industry and Security website for further details.