|
What is FIPS 140-2?
Federal Information Processing Standards Publication 140-2 (FIPS PUB
140-2) is a standard that defines government security requirements for
cryptographic modules. The FIPS 140-2 standard was jointly developed by
the US government, Canadian government and the commercial industry.
Why do we need to validate our product?
Because it is required by the government of Canada and the U.S. If you
wish to sell your cryptographic product (hardware or software) to a
government agency, you must have your product tested by an accredited
laboratory.
Who is NIST? Who is CSEC?
NIST stands for the National Institute of Standards and Technology, a
U.S. government agency that defines standards to be used by the U.S. as
well as its government agencies. CSEC stands for Communications
Security Establishment Canada and is effectively the Canadian
counterpart to NIST. NIST and CSEC jointly developed the Cryptographic
Module Validation program, and both actively oversee the program. For
example, test reports submitted by a laboratory are reviewed by both
NIST and CSEC prior to validation.
What is NVLAP?
NVLAP stands for the National Voluntary Laboratory Accreditation
Program, a department within NIST that accredits laboratories. Atlan
Laboratories was accredited by NVLAP by passing rigorous technical
exams, laboratory process reviews, and on-site assessments. The
accreditation indicates that NVLAP trusts that Atlan has the necessary
expertise and quality procedures to perform security testing under the
FIPS 140 standards.
How much does a FIPS validation cost?
The cost for validation varies with the complexity and the desired
security level of your product. There are four increasing levels of
security requirements defined in the FIPS 140 standards, and as the
desired security level or the complexity increases, so would the cost.
However, at Atlan Laboratories, we believe in providing our customers
top quality, cost-effective validations. All Atlan FIPS validations are
bid as fixed price efforts: no hidden costs and no cost spillovers. To
find out about how to get a quote please contact us.
How long does a validation take?
The total time necessary to validate a product depends on a number of
factors: complexity, compliance with the FIPS 140 standard,
availability of testing and debugging tools, the desired security
level, and a number of other factors. Validation efforts can typically
be measured in months.
What is the validation process?
The validation process is very simple and typically follows the three
parts described below:
1. An initial meeting allows us to conduct a full product/design review
and layout a validation roadmap.
2. With the product ready for testing, Atlan conducts the conformance
testing, summarizing its testing and results in a conformance report.
3. CSE and NIST review and approve the product for validation.
Can software products be validated/tested?
Yes, software products can be tested, and a number of software
cryptographic modules have already been validated.
|
