Address common vulnerabilities and harden your product against certification requirements through testing and analysis
What We Do: Enhance and Reinforce Product Security
The foundation of a successful certification is developing a strong and secure product. Corsec works as an extension to your engineering team to harden your product against certification requirements and address design changes that are susceptible to common vulnerabilities.
Corsec’s Approach Eliminates Risks
Avoid common engineering mistakes & pitfalls related to testing, schedules, product design changes, & project management
FIPS 140-2: CAVP & Algorithm Testing
The Cryptographic Module Validation Program (CMVP) requires Algorithm Testing as part of a FIPS 140-2 validation. After completing testing on the sources of cryptographic functionality within your product, you will receive Cryptographic Algorithm Validation Program (CAVP) certificates.
AVOID COMMON ERRORS DURING ALGORITHM TESTING WITH CORSEC’S PATENTED AND AUTOMATED ULTIMA™ SOLUTION:
- Entropy and cryptographic coding, testing, and implementation
- SHIM fabrication and development
- Importation of lab-provided vector files and parsing of all test parameters
- Formatting test parameters to the correct form per the vendor’s implementation
- Preparation of data objects and performance of test-specific initialization
- Execution of the algorithms as specified by the implementation
- Generation of results from the implementation
- Formatting and development of data results to meet lab requirements
Common Criteria: Test Case Development
Common Criteria requires you to prove claims in your evaluation through a set of well-written, detailed test cases that provide in-depth coverage of all security-centric functionality. You must produce test plans for the evaluation lab, including a detailed description of the test environment and any installation and configuration prerequisites. These plans must correspond to the evaluation design documentation and provide adequate coverage of each of the defined user interfaces.
OFFLOAD THE CREATION OF COMMON CRITERIA-APPROVED TEST CASES AND AVOID LENGTHY TIE-UPS THAT OVER-TAX ENGINEERING TEAMS:
- Developing well-written, detailed, and unambiguous test plans
- Ensuring 100% coverage of the product’s security-centric functionality
- Preparing and delivering testing artifacts (screenshots, log files, etc.)
- Verification of procedures and evaluation of designs
DoDIN APL: STIG Authoring & Testing
The Defense Information Systems Agency (DISA) establishes configuration standards for products intended to be implemented on the Department of Defense (DoD) network. These standards are captured in a Security Technical Implementation Guide (STIG).
The DoD currently supports dozens of STIGs, each one pertinent to a specific product category. In order to achieve listing on the DoDIN APL, your product must adhere to the STIGs relevant to its product type, which DISA will dictate. Each STIG that is imposed on a product requires significant investment in time, resources, product changes, and enhancements – in addition to the detailed effort spent proving adherence.
CORSEC’S EXPERTISE ENSURES ONLY PRODUCTIVE ACTIVITIES FOR AUTHORING, MAINTENANCE, AND TESTING:
- STIG Advocacy and Arguments
- Information Assurance (IA) Lab Tools
- Product Release Planning
- Staged STIG Testing
- STIG Authoring
- STIG Maintenance
- Sponsor Coordination
- DoD Expertise