FIPS 140-2 Validation Support

The Cryptographic Module Validation Program (CMVP) does not allow an organization to do the FIPS 140-2 validation testing of a cryptographic module and create the required FIPS 140-2 documentation such as the Non-Proprietary Security Policy and the finite state model.  This restriction is outlined in “G.4 Design and testing of cryptographic modules” in Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program.  EWA-Canada can, however, subcontract FIPS validation support services to one of several capable organizations that provide these services.

If you already have a Cryptographic Module Testing (CMT) laboratory, EWA-Canada can provide FIPS validation support services which may include any combination of the following:

  • Cryptographic algorithm testing;
  • Documentation creation for the FIPS 140 validation;
  • Project management.; and/or
  • Directed training on FIPS 140-2 requirements, required documentation, the FIPS 140-2 validation process, etc.
Please Contact Us for further information.