JBoss EAP 4.3 is Common Criteria certified but is there a plan for JBoss AS to be Common Criteria certified?
If not, is it known if JBoss AS is FIPS 140-2 compliant. I know JBoss can use OpenSSL for https communication and OpenSSL itself is FIPS 140-2 compliant. Does anyone know what other areas of JBoss would need to be inspected/validated to be FIPS compliant (password storage, external JNDI communication)?
JBoss AS == community edition. It's only the enterprise edition == JBoss EAP which get certified for criteria like this one. If you are a paid customer, you'll have to get in touch with the support team for the details.