Home
About
Services
Contact
Links
 
 

Cryptsoft Services

Training Services
  • FIPS140-2 High Level Overview and Tutorial

    One day tutorial session covering the most important aspects of FIPS140-2 cryptographic module validation. The course includes an outline of the Cryptographic Module Validation Program (CMVP) and the interactions between the various parties involved in module validation. It contains an overview of the requirements which must be met in order to attain validation in each of the 14 areas that are part of the derived test requirements. Examples of realistic validation documentation are used throughout the course. The specific approaches for passing the algorithm validation suite in the Cryptographic Algorithm Validation Suite (CAVS) are covered.

    Note: A copy of the presentation materials for limited in-house use are provided. These materials may be used only by the project team involved in the planned validation and are not for general company use.

  • FIPS140-2 Requirements Analysis

    Typically this service is provided after the engineering team has completed the FIPS140-2 High Level Overview and Tutorial. This one day workshop involves discussion with technical staff as to approaches for validation of your existing or planned modules. A high level review of key items which may require design changes and identification of typical problem areas for existing module validation will be performed. There is no formal report produced as part of this interactive workshop. If a more formal and more in depth approach is required then one of the Development Consulting packages is more appropriate.

Development Consulting
  • FIPS140-2 Preliminary Planning
    Review of existing product documentation.
    • Engineering specifications and design documents
    • Product manuals
    Teleconferences with the product design team.
    Teleconferences with the testing laboratory (if required).
    Preparation of a report encompasing:
    • design issues which require addressing for FIPS140-2 validation
    • implications on selection of FIPS140-2 validation levels
    • high-level design approach

  • FIPS140-2 Validation Package Preparation

    Security Policy Drafting
    Vendor Evidence Documentation Drafting
    Note: these activities require interaction with appropriate technical staff in the client engineering organisation.

  • FIPS140-2 Testing Laboratory Liason

    Interface with the selected Testing Laboratory on behalf of the client.

  • FIPS140-2 Cryptographic Algorithm Validation Implementation

    Assistance and/or implementation of cryptographic algorithm testing for specified algorithms. Includes assistance with review of required runtime tests which must be added to the client product.

  • FIPS140-2 Submission Package Review

    Review of all submission material and assistance with updates to meet the current requirements of FIPS140-2.

  • FIPS140-2 Re-validation Preparation

    For future product releases, revalidation can be straight forward or complicated depending on the nature of the changes to the cryptographic module since the previous release.