SAIC Accreditation Testing and Evaluation Laboratories

SAIC's Accreditation Testing and Evaluation (AT&E) Laboratories are certified to accredit, audit, evaluate, and test three IT security requirement standards: Common Criteria Testing (NIAP and CCEVS), Cryptographic and Security Testing (NIST FIPS 140-2, 201, and SCAP), and Payment Card Industry Data Security Standard (PCI DSS). SAIC AT&E is your single source for auditing, testing, and certification.

  • Payment Card Industry Data Security Standard Validation Laboratory
    The Payment card Industry (PCI) Data Security Standard (DSS) is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. This comprehensive standard is required by the major credit card issuers to help organizations proactively protect customer account data.
  • Common Criteria Testing Laboratory (CCTL)
    SAIC's CCTL provides a complete range of testing and support services, including initial assessments, security target creation, and CC evaluation at all Evaluation Assurance Levels (EAL) Levels 1-7. The CCTL also can provide documentation consulting and creation for all the required assurance documentation that includes user, design, delivery, configuration, and test.

  • Cryptographic and Security Testing Laboratory (CSTL)
    SAIC's CSTL provides a range of FIPS 140 testing and support services, including FIPS 140 validation testing, initial assessments, security policy documentation guidance, FIPS 140-2 cryptographic module testing for Security Levels 1-4, and algorithm validation testing. The CSTL also can provide documentation strategy and support for security policies, user and crypto-officer manuals, design documentation, design assurance, and attack mitigation.

    SAIC's CSTL also provides the full range of FIPS 201 testing and support services in support for PIV Middleware and Card Application as specified in NIST SP 800-85, PIV Middleware and PIV Card Application Conformance Test Guidelines (SP800-73 compliance).

  • SAIC's CSTL offers Secure Content Automation Protocol (SCAP) testing. The SAIC CSTL is one of the first laboratories accredited in this new security assurance program. The U.S. Office of Management and Budget mandated that government agencies use SCAP-validated tools as of February 1, 2008.
  • SCAP tests and monitors systems for security issues such as software deficiencies, configuration issues and other vulnerabilities. The testing helps to ensure that a computer's configuration is within the guidelines set by the Federal Desktop Core Configuration, a group of security-sensitive configuration settings developed by the National Institute of Standards and Technology (NIST) and the National Security Agency.
  • Security Development Lifecycle
    SAIC AT&E Laboratories has joined the Microsoft SDL Pro Network, a group of security consultants and trainers that specialize in application security and have substantial experience and expertise with the methodology and technologies of the Security Development Lifecycle (SDL). The Microsoft Security Development Lifecycle (SDL) is the industry-leading software security assurance process which was created by Microsoft in 2004 and has since led to measurable security improvements in flagship products.


SAIC Corporate Headquarters:
10260 Campus Point Drive
San Diego, CA 92121
www.saic.com

Products & Services Phone:
1-800-430-7629
+44 (0) 845 366 7242 in the UK
+44 (0) 1355 845526 all other European locations