Eliminate the Risks Associated with Testing Your Product
Corsec’s methodology, patented systems, infrastructure, and certification expertise help you avoid common mistakes associated with relying solely on internal staff and lab support.
Shorten Time In Testing
Avoid Design Changes
Reduce Internal Constraints
Algorithm Testing for FIPS 140-2
The Cryptographic Module Validation Program (CMVP) requires Algorithm Testing as part of a FIPS 140-2 validation. After completing testing on the sources of cryptographic functionality within your product, you will receive Cryptographic Algorithm Validation Program (CAVP) certificates.
Avoid Common Errors During Algorithm Testing with Corsec’s Patented and Automated Ultima™ Solution:
- Entropy and cryptographic coding, testing, and implementation
- SHIM fabrication and development
- Importation of lab-provided vector files and parsing of all test parameters
- Formatting test parameters to the correct form per the vendor’s implementation
- Preparation of data objects and performance of test-specific initialization
- Execution of the algorithms as specified by the implementation
- Generation of results from the implementation
- Formatting and development of data results to meet lab requirements
Common Criteria requires you to prove claims in your evaluation through a set of well-written, detailed test cases that provide in-depth coverage of all security-centric functionality. You must produce test plans for the evaluation lab, including a detailed description of the test environment and any installation and configuration prerequisites. These plans must correspond to the evaluation design documentation and provide adequate coverage of each of the defined user interfaces.
Offload the creation of Common Criteria-approved test cases and avoid the lengthy tie-ups that overtax engineering teams, related to:
- Developing well-written, detailed, and unambiguous test plans
- Ensuring 100% coverage of the product’s security-centric functionality
- Preparing and delivering testing artifacts (screenshots, log files, etc.)
- Verification of procedures and evaluation of designs
The Defense Information Systems Agency (DISA) establishes configuration standards for products intended to be implemented on the Department of Defense (DoD) network. These standards are captured in a Security Technical Implementation Guide (STIG).
The DoD currently supports dozens of STIGs, each one pertinent to a specific product category. In order to achieve listing on the DoDIN APL, your product must adhere to the STIGs relevant to its product type, which DISA will dictate. Each STIG that is imposed on a product requires significant investment in time, resources, product changes, and enhancements – in addition to the detailed effort spent proving adherence.
Corsec’s expertise ensures that only productive authoring, maintenance, and testing activities are performed, through:
- STIG Advocacy and Arguments
- Information Assurance (IA) Lab Tools
- Product Release Planning
- Staged STIG Testing
- STIG Authoring
- STIG Maintenance
- Sponsor Coordination
- DoD Expertise