FIPS140-2 Preliminary PlanningReview of existing product documentation.
- Engineering specifications and design documents
- Product manuals
Teleconferences with the testing laboratory (as required)
Preparation of a report encompasing:
- Design issues which require addressing for FIPS140-2 validation
- Implications on selection of FIPS140-2 validation levels
- High-level design approach
FIPS140-2 Validation Package PreparationPreparation of materials required for a FIPS140-2 validation.
- Security Policy Drafting
- Vendor Evidence Documentation Drafting
- Algorithm Validation
Note: these activities require interaction with appropriate technical staff in the client engineering organisation.
FIPS140-2 Testing Laboratory LiasonInterface with the selected Testing Laboratory on behalf of the client.
FIPS140-2 Cryptographic Algorithm Validation ImplementationAssistance and/or implementation of cryptographic algorithm testing for specified algorithms. Includes assistance with review of required runtime tests which must be added to the client product.
FIPS140-2 Submission Package ReviewReview of all submission material and assistance with updates to meet the current requirements of FIPS140-2.
FIPS140-2 Re-validation Preparation
For future product releases, revalidation can be straight forward or complicated depending on the nature of the changes to the cryptographic module since the previous release.
Smartcard Interfacing with Multi-Vendor DevicesInterfacing with the smartcard devices from a range of vendors on different platforms.
Smartcards and Embedded PlatformsEmbedded platforms offer their own challenges when interfacing to smartcard systems as non-Win32 platforms often means interfacing directly at the APDU level.
- Card-level Smartcard Interfaces
- Vendor Smartcard Middleware Interfaces
- Using Open Source Smartcard Middleware
Public Key Infrastructure Planning
Deployment of smartcard based systems usually involves the creation of X.509 based digital certificates and the associated public key infrastucture for deployment, operation, and lifecycle management.
Find out more …