Ctrl IQ Completes CAVP Algorithm Certificate Process

Corsec would like to congratulate our partner, Ctrl IQ, Inc., on successfully completing the testing of their cryptographic algorithms.

As part of the FIPS 140-2 and FIPS 140-3 module validation submission process, vendors must complete Cryptographic Algorithm Validation Program (CAVP) validation testing of approved (i.e., FIPS-approved and NIST-recommended) cryptographic algorithms and their individual components.

To achieve this milestone, Ctrl IQ partnered with Corsec, completing the testing process and receiving the following certificates:

• GnuTLS (A3950)
• Kernel Crypto API (A3951)
• Kernel Crypto API RFC4106 AES GCM (A3952)
• Libcrypto (A3953)
• Libssl (A3954)
• Libgcrypt (A3955)
• Nettle (A3956)
• NSS (A3957)

For more information and details on the algorithm certificates visit the CAVP site here.  To speak to a Corsec expert on how to engineer your product to meet federal and regulated industry security requirements, schedule time here.

FIPS 140-2 / FIPS 140-3 are a joint effort by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.

FIPS 140 is mandated by law in the U.S. and very strictly enforced in Canada. FIPS 140 has gained worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. A FIPS 140 validation of a product provides end users with a high degree of product security, assurance, and dependability.

CIQ is reimagining software infrastructure with community-driven Rocky Linux as its core.  CIQ is composed of technology founders, innovators, engineers, some of the leading creators in the industry, and we all share the same vision: to help companies, teams, and individuals do amazing things.

For over 25 years Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###