Category Archive

Below you'll find a list of all posts that have been categorized as “FIPS 140-2”

Five Steps to Algorithm (CAVP) Validations at Lightship

Gillian Bedrosian and Dennis Momy March 21, 2022ACVP, FIPS 140-2, FIPS 140-3

Algorithm validation testing is a critical path issue for FIPS 140-3 validations and for NIAP Protection Profile-based Common Criteria evaluations. Equipment vendors are often surprised at the level of effort and the potential challenges in successfully completing the algorithm testing …

Understanding the IUT and MIP Lists and Their Wait Times

Gillian Bedrosian June 16, 2021FIPS 140-2, FIPS 140-3

The most common question we receive from clients on the FIPS Validation process is: “after my validation report has been sent to the Cryptographic Module Validation Program (“CMVP”), how long will it take to complete the Validation?”. This post outlines …

Beyond the testing: FIPS 140-3 documentation inputs

Grace Grundy and Jason Cunningham May 26, 2021Entropy, FIPS 140-2, FIPS 140-3

First time vendors to the FIPS 140 validation process are often not aware of the scope of supporting documentation and evidence required. These documentation inputs are integral to the lab being able to perform and finalize the full validation process. …

NIST 800-90B Input Data Considerations

Greg McLearn March 8, 2021Certifications, Common Criteria, Entropy, FIPS 140-2, Tools

For the past few years, the Common Criteria program has been mandating entropy analysis for almost all protection profile based evaluations. Since November 2020, NIST 800-90B has also become a mandatory requirement under the FIPS 140-2 and the forthcoming FIPS …

NIST 800-90B Concepts

James Ramage February 16, 2021Entropy, FIPS 140-2, FIPS 140-3

The claimed entropy source for a FIPS 140 validated module now requires compliance to NIST SP800-90B. This means that any cryptographic module going through FIPS 140-2 or FIPS 140-3 validation needs to adhere to NIST implementation guidance 7.18 – Entropy …

The Role of Cryptographic Algorithm Validations in Common Criteria (CAVP FAQ)

Lachlan Turner February 8, 2021ACVP, Certifications, Common Criteria, FIPS 140-2, FIPS 140-3

[Updated July 6, 2021 – NIAP requires exact match CPU specs in CAVP certificates] Most CC evaluations performed in North America include cryptographic security claims called out in the target Protection Profile (PP) that is being used. Those requirements are …

Comparing CAVP and ACVP – Test Harness Implications

Alex Thurston February 10, 2020ACVP, Certifications, FIPS 140-2

ACVP Test Harness Considerations

Automated Algorithm Testing Tutorial

Jason Lawlor November 14, 2019ACVP, FIPS 140-2

Automated Algorithm Testing

OpenSSL and ACVP Parsing

Greg McLearn August 14, 2019ACVP, FIPS 140-2, Tools

OpenSSL is used in some part by an overwhelmingly large percentage of the enterprise vendor community. Those vendors which need to go through FIPS 140-2 or Common Criteria may find themselves needing to perform algorithm testing and may be presented …

Preparing for FIPS Validation Part 2 – Boundaries and Libraries

Jason Lawlor March 15, 2019Certifications, FIPS 140-2

In part 2 of our multi-part Lightship Security video tutorial series geared toward vendors who are new to FIPS 140-2, we discuss the concept of cryptographic boundaries, cryptographic libraries and the design aspects required for FIPS 140-2 compliance. The previously …

Page 1 of 2
1
2
→