Evaluation of Common Criteria, FIPS 140, INTERAC (SPED), security and cryptographic products

Certification provides an independent assessment of the cryptographic security of your product based on the FIPS 140-2 Standard.

Summary of the FIPS 140-2 Security Requirements (From Section 4 of FIPS PUB 140-2)

Every five years the cryptographic module standard is revised based on new technological advances and commercial input. FIPS 140-2 has been created to supersede the FIPS 140-1 standard to more modern computing needs. FIPS 140-2 was approved in July 2001 and the Derived Testing Requirements (DTR) was made available in November of 2001. After May 25, 2002, NIST and CSE will only accept certification reports for cryptographic modules against FIPS 140-2 and the FIPS 140-2 DTR, although all previous certifications against FIPS 140-1 will still be recognized.

NIST, CSE, CMVP and NVLAP

NIST stands for the National Institute of Standards and Technology, a U.S. government agency that defines standards to be used by the U.S. as well as its government agencies.

CSE stands for the Communications Security Establishment and is effectively the Canadian counterpart to NIST. NIST and CSE jointly developed the Cryptographic Module Certification program, and both actively oversee the program. For example, test reports submitted by a laboratory are reviewed by both NIST and CSE prior to certification.

CMVP stands for the Cryptographic Module Validation Program and encompasses validation testing for cryptographic modules and algorithms. The CMVP was established by NIST and the Communications Security Establishment (CSE) of the Government of Canada in July 1995.

NVLAP stands for the National Voluntary Laboratory Accreditation Program, a department within NIST that accredits laboratories.