Most CC evaluations performed in North America include cryptographic security claims called out in the target Protection Profile (PP) that is being used. Those requirements are met by obtaining validation certificates from the Cryptographic Algorithm Program (CAVP). The CAVP is a subset of the broader Cryptographic Module Validation Program (CMVP) that validates entire crypto modules against the FIPS 140-2/3 standard (ISO19790).
This post will explore the intersection between CC and FIPS 140 (in North America) and how the CAVP plays a key role in the eventual CC certification of a given product.
Read More