Product Testing is often the most complex component of security certifications, and successful execution requires the proper equipment, infrastructure, and certification expertise. Companies relying upon internal staff and lab support often face resource constraints, considerable delays in schedule, increased risk, and financial losses, all of which impede time to market.
Corsec’s Product Testing services augment your engineering capabilities with proven methodologies and patented systems to reduce time in testing, eliminate costs, and minimize the risk associated with internal testing efforts.
As part of the FIPS 140-2 validation process, you are required to include CAVP-approved algorithms as part of your submission to the CMVP. This process requires algorithm development, testing, and implementation. In order to complete product testing, you will need expertise in:
- SHIM Fabrication and Development
- Entropy and Cryptographic Coding
- Vector File and Test Parameter Implementation
- SAR Generation
The Corsec Solution
Algorithm testing is often fraught with errors and confusion, resulting in costly delays that can jeopardize your project’s success. Corsec’s services effortlessly streamline the algorithm testing portion of the FIPS 140-2 validation cycle with the deployment of our patented Ultima™ algorithm testing solution, which includes:
- Automated importation of lab-provided request files and parsing of all test parameters
- Test parameters correctly formatted for the form specified by the vendor’s implementation
- Preparation of data objects and performance of test-specific initialization
- Remote networked communications with the modules tested
- Execution of the algorithm as specified by the implementation
- Results from the implementation
- Resulting data formatted per lab requirements
- Results written in preferred format for validation
Test Case Development
The Common Criteria security certification process requires you to prove claims in your evaluation documentation through a set of well-written, detailed test cases that provide in-depth coverage of all security-centric functionality. You must then produce test plans for the evaluation lab, including a detailed description of the test environment and any installation and configuration prerequisites. These plans must correspond to the evaluation design documentation and provide adequate coverage of each of the defined user interfaces.
The Corsec Solution
Oftentimes, attempts to create Common Criteria-approved test cases internally result in stumbles and cause lengthy tie-ups of over-taxed engineering teams. Corsec’s engineers develop and execute these test cases on your behalf, alleviating the burden on your team and providing test plans that are well-written, unambiguous, and cover 100% of the necessary functionality with all of the required testing artifacts (screenshots, log files, etc.) and verification procedures.
The Defense Information Systems Agency (DISA) establishes configuration standards for products intended to be part of a Department of Defense (DoD) network. These standards are captured in a Security Technical Implementation Guide (STIG). The DoD currently supports dozens of STIGs, each one pertinent to a specific product category. In order to achieve listing on the UC APL, your product must adhere to the STIGs relevant to its product type. You are not allowed to decide which STIGs to adhere to; that is determined by DISA. Each STIG that is imposed on a product can require a significant investment in time and resources, product changes and enhancements, in addition to the detailed effort spent proving adherence to each.
The Corsec Solution
Corsec’s STIG Testing service can radically streamline this process. With our knowledge of STIGs and our experience with the overall UC APL evaluation, we are able to argue before governing bodies which STIGs are unnecessary for your product, ensuring only productive testing activities. We then perform the testing needed to state that the product meets the balance of the STIGs imposed on it with IA Lab tools for product hardening. Corsec offers:
- IA Lab Tools
- Staged STIG Testing
- Product Release Planning