FIPS 140-2 Testing

Our laboratory is accredited to perform FIPS 140-2 testing of cryptographic modules at Security Levels 1 through 4.

The FIPS 140-2 certification consists of the following steps:

1. A FIPS 140-2 workshop is usually performed by the laboratory at a vendor’s site. The workshop covers all applicable FIPS 140-2 requirements as they apply to the vendor’s product.

2. The laboratory analyzes the product information obtained during the workshop and conducts a gap analysis to determine potential areas of non-compliance.

3. The vendor corrects deficiencies identified during the gap analysis phase, if any.

4. The vendor and the laboratory enter into a testing agreement for the testing of the product.

5. The vendor submits the product and the product documentation to the laboratory.

6. The laboratory works with the vendor to conduct the FIPS 140-2 testing of the product. The vendor addresses any deficiencies that are found during the testing.

7. Upon successful completion of the testing the laboratory submits the testing documents to CMVP. The set of testing documents submitted to CMVP includes: draft certificate, summary module description, detailed test report, nonproprietary security policy, and website information. Signed letter from the laboratory stating recommendation for validation received is also submitted to CMVP.

8. CMVP assigns reviewers to review the testing documents. CMVP reviewers review the testing documents and issue comments to the laboratory.

9. Additional testing may be conducted by the laboratory based on the CMVP comments. Laboratory may also request additional documentation. The comments are resolved and the updated testing documents are resubmitted to CMVP.

10. Upon final resolution of validation review comments, and submission of the final testing documents to CMVP, the Certificate number is assigned. Certificate printing and signature process is then initiated.