FIPS Certification Service and Automation

Valiantica leverage its combination of extensive certification experience and product development experience to offload the work from your internal resources. We work with a client every step of the way, from initial assessment to choosing a lab to completing the documentation for the FIPS certification. We also offer a cloud-based service to automate the FIPS certification process.

Enabling Smooth, Continous, and Automated FIPS Certification

100% Customer Focus

No matter what we do and how we do it, customers always come first.


Learn More

Experienced Team

50+ years of combined experienced in information security and certification.


Learn More

Deep Industry Knowledge

Industry experts in semiconductor, device, and manufacturing.


Learn More

FIPS CERTIFICATION OVERVIEW

Federal Information Processing Standard 140-2(FIPS 140-2) is a standard that describes US Federal government requirements that IT products should meet for Sensitive, but Unclassified (SBU) use. The standard was published by the National Institute of Standards and Technology (NIST), has been adopted by the Canadian government's Communication Security Establishment (CSE), and is jointly administered by these bodies under the umbrella of the Cryptographic Module Validation Programme (CMVP).

The standard defines the security requirements that must be satisfied by a cryptographic module used in a security system protecting unclassified information within IT systems. There are four levels of security: from Level 1 (lowest) to Level 4 (highest). These levels are intended to cover the wide range of potential applications and environments in which cryptographic modules may be deployed. The security requirements cover areas related to the secure design and implementation of a cryptographic module. These areas include basic design and documentation, module interfaces, authorized roles and services, physical security, software security, operating system security, key management, cryptographic algorithms, electromagnetic interference/electromagnetic compatibility (EMI/EMC), and self-testing.

Learn More

FIPS CERTIFICATION SERVICES

  • FIPS 140 workshop
    We begin with a two-day workshop. This usually occurs on a client site or at a location that is convenient for client staff. The purpose of the workshop is threefold: 1) training in the concepts of FIPS 140-2 and the evaluation process; 2) presents the module functionality to the delegates; and 3) defines the module boundary and lists the algorithms, keys and services of the module.
  • Compliance Assessment and Audit
    We consult with you to identify a successful certification strategy, which often involves using an already certified module or only validating algorithms. If validation is necessary we work with you to identify cryptographic algorithms, determine the appropriate certification level, and define the cryptographic module boundary. We review existing documentation and identify documentation requirements that require additional effort.
  • Implementation Support
    The compliance audit identifies areas that need to be addressed prior to evaluation. This phase provides developers with the support that they need to implement the FIPS 140 requirements. This can be quite difficult for developers going through the FIPS 140 process for the first time and the support process shortens the timescale needed to address the FIPS 140 requirements.
    • Guidance
    • Algorithm Validation
    • Documentation Development
  • Authoring the Security Policy and Vendor Evidence
    In order to be accepted into evaluation by a test lab, a client needs to submit to the lab a complete set of documentation that details how its product meets each and every relevant requirement of the FIPS 140 criteria. We start by producing the Cryptographic Module Security Policy, the key document that is posted on the CMVP website on successful completion of the evaluation. This is a public document and tells prospective customers how a product provides its FIPS 140 security functionality. We also produce a "Vendor Evidence" pack, that explicitly addresses each derived test requirement (DTR) assertion and provides the lab with easy to follow and verifiable evidence of compliance. A Finite State Model document is also a requirement and we tend to provide this as a separately controlled component within the Vendor Evidence. At higher levels extra evidence is necessary. At level 2, for instance, a Functional Specification must also be provided.
  • Lab support
    Once the documentation is delivered to the test lab, the evaluation can begin. The lab evaluation falls into five phases: documentation review, algorithm validation, source code review, physical testing and report writing and submission. We provide technical support to the lab, providing their technical point of contact and shielding our customers from interruptions. We will also handle the algorithm validation and host the source code review and support and witness the physical testing where appropriate.

Learn More

FIPS CERTIFICATION AUTOMATION

fipscentral.com

Our FIPS Certification Automation is offered through http://fipscentral.com. It is a cloud-based web application on the Internet. Users can sign up with either free or paid subscription. It provides FIPS customers a centralized web application to get up to date on FIPS standards and development, learn FIPS concepts and processes, and manages their own FIPS certification processes (over and over again).
  • Provide latest information and update on FIPS standards
  • Allow customized searches and updates based on user specification
  • Provide artificial intelligence and machine learning on all FIPS certification documentation
  • Manage necessary documentation
  • Automate certification process
  • Execute automated test suites
  • Be the central point of the company‚Äôs whole FIPS certification process and lifecycle

  • Learn More

SOME OF COMPANY CUSTOMERS



OUR SERVICE TEAM

Contact Me:

Mr. Kukreja

Consulting Manager

Mr. Kukreja is our FIPS consulting manager. He worked for several startups to big corporations, with 20+ years of experience in Software, Hardware, Firmware in Security Domain. He has passion about security protocols and security certifications for devices. He loves to help his customers to build security compliance products. He has successfully certified various Network and Storage products for FIPS compliance. He also has a rich experience in project and product management using Agile and LEAN methodologies. Rajesh holds a BS and an MBA degree and various certifications.

Contact Me:

Mr. Hynes

Lead FIPS Consultant

Mr. Hynes is our Lead FIPS consultant. He served various Hi-Tech corporations, with 25+ years of experience in Hardware and Firmware in Security Domain. He owns various patents around security. He helped many customers to build security compliance products and protocols. He contributed to write a TCG standard for storage products. He has successfully facilitated many FIPS and ISO certification programs. He also has a rich experience in designing and programming. Randy holds a BS and MS degree in Engineering.

Dr. Peiwei Mi

Contact Me:

Dr. Mi

Development Manager

Dr. Mi is Development Manager for our FIPS Automation. He has architected many multi-tier web applications and is the main architect of fipscentral.com. He had been VP of Engineering at several software companies in Silicon Valley and holds a PhD degree in Computer Science from University of Southern California.

CONTACTS

Main Line: (408) 725-2426

 
 

888 Saratoga Ave. #210 San Jose, CA, 95129


About

Valiantica is a global IT product and service provider that specializes in full stack JavaScript and Java development, primarily with Bootstrap, angularJS and nodeJS.

Social Links

US Headquarters

888 Saratoga Ave. #210
San Jose, CA 95129
United States.
(408) 725-2426