Reduce time in testing, minimize costs, and eliminate risks associated with product security testing. Corsec’s methodology, patented systems, infrastructure, and certification expertise help you avoid the internal resource constraints, delays, and financial losses often associated with leveraging internal staff and lab support.
CAVP algorithm testing is a required and confusing component of the FIPS 140-2 validation process. Without the proper expertise and tools, testing will often be fraught with errors that will not pass Lab Review, resulting in duplication of work and costly delays and jeopardizing your project’s success. Expertise in the following areas is necessary:
- Vector File and Test Parameter Implementation
- SHIM Fabrication and Development
- Entropy and Cryptographic Coding
- Algorithm Development, Testing, and Implementation
- SAR Generation
The Corsec Solution
Corsec’s services effortlessly streamline algorithm testing for your team with the deployment of our patented Ultima™ solution, which includes:
- Automated importation of lab-provided vector files and parsing of all test parameters
- Test parameters correctly formatted for the form specified by the vendor’s implementation
- Preparation of data objects and performance of test-specific initialization
- Remote networked communications with the modules tested
- Execution of the algorithm as specified by the implementation
- Results from the implementation
- Resulting data formatted per lab requirements
- Results written in preferred format for validation
The Common Criteria security certification process requires you to prove claims in your evaluation documentation through a set of well-written, detailed test cases that provide in-depth coverage of all security-centric functionality. You must then produce test plans for the evaluation lab, including a detailed description of the test environment and any installation and configuration prerequisites. These plans must correspond to the evaluation design documentation and provide adequate coverage of each of the defined user interfaces.
The Corsec Solution
Oftentimes, attempts to create Common Criteria-approved test cases internally result in stumbles and cause lengthy tie-ups of over-taxed engineering teams. Corsec’s engineers develop and execute these test cases on your behalf, alleviating the burden on your team and providing test plans that are well-written and unambiguous and that cover 100% of the necessary functionality with all of the required testing artifacts (screenshots, log files, etc.) and verification procedures.
The Defense Information Systems Agency (DISA) establishes configuration standards for products intended to be part of a Department of Defense (DoD) network. These standards are captured in a Security Technical Implementation Guide (STIG). The DoD currently supports dozens of STIGs, each one pertinent to a specific product category. To achieve listing on the DoDIN APL, your product must adhere to the STIGs relevant to its product type. You are not allowed to decide which STIGs to adhere to; that is determined by DISA. Each STIG that is imposed on a product can require a significant investment in time and resources, as well as product changes and enhancements, in addition to the detailed effort spent proving adherence to each.
The Corsec Solution
Corsec’s STIG Testing service can radically streamline this process. With our knowledge of STIGs and our experience with the overall DoDIN APL evaluation, we are able to argue before governing bodies which STIGs are unnecessary for your product, ensuring only productive testing activities. We then perform the testing needed to state that the product meets the balance of the STIGs imposed on it with IA Lab tools for product hardening. Corsec offers:
- IA Lab Tools
- Staged STIG Testing
- Product Release Planning