Algorithm validation testing is a critical path issue for FIPS 140-3 validations and for NIAP Protection Profile-based Common Criteria evaluations. Equipment vendors are often surprised at the level of effort and the potential challenges in successfully completing the algorithm testing …
Understanding the IUT and MIP Lists and Their Wait Times
The most common question we receive from clients on the FIPS Validation process is: “after my validation report has been sent to the Cryptographic Module Validation Program (“CMVP”), how long will it take to complete the Validation?”. This post outlines …
Beyond the testing: FIPS 140-3 documentation inputs
First time vendors to the FIPS 140 validation process are often not aware of the scope of supporting documentation and evidence required. These documentation inputs are integral to the lab being able to perform and finalize the full validation process. …
NIST 800-90B Input Data Considerations
For the past few years, the Common Criteria program has been mandating entropy analysis for almost all protection profile based evaluations. Since November 2020, NIST 800-90B has also become a mandatory requirement under the FIPS 140-2 and the forthcoming FIPS …
Funding for NIST CAVP Vendor Software Platform
As part of our continued push to modernize the product security certification industry, Lightship Security is pleased to announce that it is receiving advisory services and conditional research and development funding from the National Research Council of Canada Industrial Research …
NIST 800-90B Concepts
The claimed entropy source for a FIPS 140 validated module now requires compliance to NIST SP800-90B. This means that any cryptographic module going through FIPS 140-2 or FIPS 140-3 validation needs to adhere to NIST implementation guidance 7.18 – Entropy …
The Role of Cryptographic Algorithm Validations in Common Criteria (CAVP FAQ)
[Updated July 6, 2021 – NIAP requires exact match CPU specs in CAVP certificates] Most CC evaluations performed in North America include cryptographic security claims called out in the target Protection Profile (PP) that is being used. Those requirements are …
FIPS 140-2/3 News
Updates – October, 2020 FIPS 140-3 is Here! In this latest installment of our FIPS blog, we will cover key transition dates, available training and the list of documentation inputs needed for a FIPS 140-3 validation.
FIPS 140-2 Validation Queue: The Waiting Game
A common concern our clients have before undertaking a new FIPS 140-2 validation is understanding the various phases and the overall time it takes to get from start to finish. One of the ways we manage our clients’ expectations is …
Comparing CAVP and ACVP – Test Harness Implications
ACVP Test Harness Considerations
- Page 1 of 2
- 1
- 2