Modules In Process

The Cryptographic Module Validation Program (CMVP) FIPS 140-1 and Federal Information Processing Standard (FIPS) 140-2 Modules-In-Process list was discontinued in January 2008. As a service to its FIPS 140-2 clients, the SAIC Cryptographic and Security Testing Laboratory (CSTL) is now providing information for Modules In Process.

Participation on the Modules-In-Process list is voluntary and is a joint decision by the vendor and SAIC. Modules are listed alphabetically by name.Posting on the list does not imply guarantee of final FIPS 140-1 or FIPS 140-2 validation.

Modules In Process
Customer Module IUT Review Pending In Review Coordination Finalization
NitroSecurity
  1. Enterprise Security Manager (ESM)
  2. IPS Module
  3. Receiver Module

       
Asigra AsigraEncModule        
Access Data Access Data Secure Communications FIPS 140-2 Object Module        

Module Process Phases

According to the National Institute of Standards and Technology (NIST) and the CMVP, the following describes the FIPS 140-1 and FIPS 140-2 modules in process phases.

  1. Implementation Under Test (IUT)
    • There exists a viable contract between the vendor and Cryptographic Module Testing (CMT) Laboratory for the testing of the cryptographic module.
    • The cryptographic module is resident at the CMT laboratory.
    • All of the required documentation is resident at the CMT laboratory. (Note: if the vendor requires the CMT lab personnel to test the cryptographic module onsite, all documents must be onsite with the module.)
  2. Review Pending
    • A complete set of testing documents must be submitted to NIST and the The Communications Security Establishment (CSE) for review. The set includes: a draft certificate, summary module description, detailed test report, non-proprietary security policy, and website information. In addition, some CMT labs include a separate physical testing report.
    • Signed letter from laboratory stating recommendation for validation received by NIST and CSE is also required.
  3. In Review
    • NIST and CSE reviewers are assigned.
    • NIST and CSE perform a preliminary review of the test documents (if required). NIST and CSE perform a review of the test documents.
    • Comments coordinated by NIST and CSE reviewers and combined set of comments are sent to the CMT laboratory.
  4. Coordination (this process may be iterative)
    • Comments are received by the CMT laboratory from NIST and CSE for resolution.
    • Additional testing is conducted (if required).
    • Additional documentation is completed (if required).
    • Comments about resolution are developed for resubmission to NIST and CSE.
    • Testing documents are updated for resubmission to NIST and CSE.
    • Responses to comments and revised test documents are submitted to NIST and CSE.
  5. Finalization
    • Final resolution of validation review comments are submitted to NIST and CSE.
    • Testing documents are updated based on resolutions and submitted to NIST and CSE.
    • Certificate number is assigned.
    • Certificate printing and signature process is initiated.

 

Interested? Contact Us!


SAIC Corporate Headquarters:
10260 Campus Point Drive
San Diego, CA 92121
www.saic.com

Products & Services Phone:
1-800-430-7629
+44 (0) 845 366 7242 in the UK
+44 (0) 1355 845526 all other European locations