Cryptographic & Security Testing

The Gossamer Cryptographic and Security  Testing Laboratory performs FIPS 140 cryptographic module and cryptographic algorithm testing employing well-known Cryptographic Module Verification Program (CMVP) and  Cryptographic Algorithm Verification Program (CAVP) experts to address all of your cryptographic module and algorithm testing  needs.

The Gossamer  Cryptographic and Security Testing Laboratory has extensive experience in all facets of cryptographic module and algorithm certification.

We will work with you every step of the way, adjusting to your specific needs to develop the best approach to reach your goal successfully and efficiently.

While our primary function is to perform testing, we offer a range of services so that Gossamer can serve as a one-stop-shop toward getting CMVP and CAVP certificates.

Initial Assessments

The cryptographic (FIPS 140) testing process can be complicated and resource intensive. We can work with you to assess the best course for cryptographic module and algorithm testing of your product. We will help identify applicable requirements (e.g., algorithms and FIPS 140 level), review the readiness of the product to satisfy the requirements, explain the testing process, and estimate the time and effort required to complete the identified tests.

Security Policy Consolidation

Security Policies are required in order to complete cryptographic module (CMVP) testing. The Security Policy identifies the cryptographic module to be tested, along with its capabilities, limits, and other factors that serve to scope the testing effort. While as a testing laboratory we are not allowed to produce Security Policy documents through a process of creative writing, we are allowed to consolidate existing information sources into the required Security Policy document. We are experts at consolidating Security Policies suitable for CMVP testing and will not only work with you to produce the Security Policy for your product, but will maintain that Security Policy throughout the testing life-cycle.

Module and Algorithm Testing

In order to test products in the CMVP, an independent and accredited testing team must evaluate the required documentation and perform hands-on testing as directed by the FIPS 140 derived testing requirements. Similarly, the CAVP program requires that each identified algorithm be subject to tests available to the cryptographic and security testing laboratories. We have extensive experience in cryptographic testing and will work with you to get the job done while minimizing impacts on your own developers. Ultimately, the testing results must be approved by NVLAP and we will also work with them to make that process as smooth as possible to get your module and algorithm certificates as soon as possible.

Testing Consulting Support

While our Cryptographic and Security Testing Laboratory is accredited to perform CMVP and CAVP testing in order to obtain applicable product certificates, we offer additional support as may be needed including direct consulting support when dealing with another laboratory. Beyond consolidating Security Policies, we offer specialized training and help with the development of any other required design, guidance or test materials.