Currently, agencies looking for encryption capabilities spend hundreds of thousands -- and in some cases millions -- of dollars licensing proprietary cryptographic tools.

In an e-mailed statement, NIST confirmed the "not-available" status but offered no reasons for it.

Already, the OSSI has been required to make a continuing series of tweaks to OpenSSL at the request of the CMVP, said Steve Marquess, the open-source group's validation project manager.

Part of the problem stems from the fact that the FIPS requirements were written for hardware-based encryption tools, while OpenSSL is software-based. As a result, mapping the FIPS requirements to OpenSSL has been challenging, Marquess said.

Vendors of commercial products have also raised a constant stream of technology-related questions that have proved time-consuming to address, Marquess said.