Links

Common Criteria

There is a comprehensive Common Criteria site at www.commoncriteriaportal.org.

The US scheme website is CCEVS.

The UK scheme website is CESG.

FIPS 140-2

NIST have all the information that you could possible need. The FIPS 140-2 standard and related documents can be found through the following links:

NIST Cryptographic Validation Program. An introduction to the program.

FIPS 140-2 standard for the actual standard, derived test requirements, implementation guidance, etc. Well worth a read if you have the time. If not, you can always make do with our FIPS 140-2 overview.

The Derived Test Requirements (DTR) take the requirements that are laid down in the FIPS 140-2 standard and, as the name suggests, derive tests from them. These tests are then used to verify conformance of a product to the standard. Having such tests freely available allows a developer to easily check a product before submission.

Implementation Guidance for FIPS PUB 140-2 provides assistance in certain areas (such as how cryptographic algorithms are used or how diagnostic tests are performed) governed by international standards or long established precedence. Failure to heed this guidance can be costly.

FIPS 140-2 validated modules. If you require an off the shelf cryptographic module, this is the place to look.

There are a number of NVLAP-accredited Cryptographic Module Testing laboratories. Rycombe is happy to work with any of these labs, but we have recent experience of the following organisations: Cygnacom, Atlan, COACT, Domus, Infogard, BT.