OSSI submitted OpenSSL 0.9.8 for FIPS 140-2 validation. They have a press release on their home page. They successfully completed a validation of OpenSSL 0.9.7j earlier this year. This is an important validation of the cryptographic strength of OpenSSL. Red Hat has also validated NSS at FIPS 140-2 level 2. Since FISMA was enacted, government agencies are required by law to use FIPS 140-2 validated encryption whenever cryptography is used to protect the security of the system. FISMA explicitly eliminates waivers so these FIPS 140-2 validations are critical for Linux adoption by government agencies.