Gossamer is an accredited Cryptographic and Security Testing Laboratory (http://csrc.nist.gov/groups/STM/testing_labs/) based on the Federal Information Processing Standard (FIPS) founded by experts in the cryptographic testing field. Using our extensive experience, we can lead the way to a cost effective and timely FIPS certification.
Initial Assessments
The cryptographic (FIPS 140) testing process can be complicated and resource intensive. We can work with you to assess the best course for cryptographic module and algorithm testing of your product. We will help identify applicable requirements (e.g., algorithms and FIPS 140 level), review the readiness of the product to satisfy the requirements, explain the testing process, and estimate the time and effort required to complete the identified tests.
Security Policy Consolidation
Security Policies are required in order to complete cryptographic module validation program (CMVP) testing. The Security Policy identifies the cryptographic module to be tested, along with its capabilities, limits, and other factors that serve to scope the testing effort. While as a testing laboratory we are not allowed to produce Security Policy documents through a process of creative writing, we are allowed to consolidate existing information sources into the required Security Policy document. We are experts at consolidating Security Policies suitable for CMVP testing and will not only work with you to produce the Security Policy for your product, but will maintain that Security Policy throughout the testing life-cycle.
Module and Algorithm Testing
In order to test products in the CMVP, an independent and accredited testing team must evaluate the required documentation and perform hands-on testing as directed by the FIPS 140 derived testing requirements. Similarly, the CAVP program requires that each identified algorithm be subject to tests available to the cryptographic and security testing laboratories. We have extensive experience in cryptographic testing and will work with you to get the job done while minimizing impacts on your developers. Ultimately, the testing results must be approved by NIST and we will also work with them to make that process as smooth as possible to get your module and algorithm certificates.
Testing Consulting Support
While our Cryptographic and Security Testing Laboratory is accredited to perform CMVP and CAVP testing in order to obtain applicable product certificates, we offer additional support as may be needed including direct consulting support when dealing with another laboratory. Beyond consolidating Security Policies, we offer specialized training and help with the development of any other required design, guidance or test materials.
