Rycombe Consulting logo


* Common Criteria

There is a comprehensive Common Criteria site at www.commoncriteriaportal.org.

* FIPS 140-2

NIST have all the information that you could possible need. The FIPS 140-2 standard and related documents can be found through the following links:

NIST Cryptographic Module Validation Program. An introduction to the program.

FIPS PUB 140-2 The actual standard. Well worth a read if you have the time. If not, you can always make do with our FIPS 140-2 overview.

Derived Test Requirements (DTR) for FIPS PUB 140-2. The DTRs take the requirements that are laid down in the standard and, as the name suggests, derive tests from them. These tests are then used to verify conformance of a product to the standard. Having such tests freely available allows a developer to easily check a product before submission.

Implementation Guidance for FIPS PUB 140-2. This document provides assistance in certain areas (such as how cryptographic algorithms are used or how diagnostic tests are performed) governed by international standards or long established precedence. Failure to heed this guidance can be costly.

FIPS 140-2 validated modules. If you require an off the shelf cryptographic module, this is the place to look.

There are a number of NVLAP-accredited Cryptographic Module Testing laboratories. Rycombe is happy to work with any of these organisations. The full list is available from the CMVP website. Laboratories that we have worked with recently include: EWA - Canada, Leidos, Infogard, and CSC.

Rycombe Consulting 1999-2020. All Rights Reserved.