Industry knowledge and intelligence are the backbone of confident and reliable corporate decision making. Gaining access to industry analysis, trends, and metrics can help to position you above competitors in a product-saturated market.
Corsec utilizes its extensive staff and market leadership positions to acquire information and keep you abreast of industry updates. Corsec has developed a robust library of security certification resources and educational materials to drive sound corporate decision making around product hardening and security strategy.
Corsec combines two decades of security certification experience and expertise to provide you with engaging information to educate and train your employees on critical aspects of security certifications and validations. Corsec provides information to equip your internal staff as they make powerful decisions about the future of your brand and products.
A quick overview of the different concepts and approaches to FIPS 140-2 validation, as well as terms that can sometimes confuse even the most proficient security experts.
Each step in the security certification process, the takeaways Corsec offers from each step, and the barriers/risks to be aware of as you move through your security certification effort.
How Do I Get Certified?
There are three major phases to security certifications and validations.
Phase 1: Design and Documentation
The amount of time to properly design and document a product varies greatly, depending upon the nature of the changes required and the maturity level of the product being evaluated. However, this phase of the process is the one that product vendors have the most control over. Many products require only small changes to meet requirements, and some product manufacturers are able to integrate the design and documentation phase into a regular product release cycle. Assuming ideal circumstances, Corsec recommends planning for approximately four to six months for this effort.
Phase 2: Laboratory Testing
The amount of time that laboratory testing of an individual product takes directly correlates with how well the product was designed and documented. A product that properly meets the requirements and is delivered to the testing laboratory with all required documentation written correctly can move through testing in two to three months. There is no maximum time it can take for a product to successfully complete testing. Corsec recommends ensuring your product meets all requirements prior to entering the testing phase.
Phase 3: Scheme Review
Once the testing laboratory completes its testing of a product, a report is submitted to the certifying Scheme for review. The amount of time this review takes varies and can range anywhere from two weeks to two months. Additional time may also be required if problems with the product are discovered during the review.
How Much Does Certification Cost?
Costs vary greatly, depending upon the complexity of the product and the level of certification sought. Additionally, poor planning and failure to properly execute a plan have resulted in some staggering sums being spent on certification efforts. Calculating how much a certification will cost is one of the most important activities when planning an evaluation effort.
How Long Will This Take?
A typical security certification effort will take anywhere from twelve to sixteen months from start to finish. This will depend heavily on certain factors: ROI, Cost, Product Changes, Certification Options, Timing, Customer Requirements, New Business Areas, and a Competitive Analysis.