FIPS 140-2 is the de-facto standard to certify cryptography implemented in ICT products. This compliance is “table stakes” to sell into most US Federal accounts. Over the last few years, as FIPS 140-2 validation has become complicated, product vendors have shifted from validating complete solutions to integrating FIPS validated cryptographic modules available commercially off the shelf or open source solutions. This is helpful from a cost and time to market perspective. However just integrating a FIPS validated cryptographic module doesn’t make the overall solution FIPS compliant. This is where Acumen’s FIPS Compliance Audit service comes in. As part of this service, Acumen will perform a thorough review of your solution, ensuring the validated cryptographic module is being operated in a FIPS compliant manner and that the claims of FIPS compliance are accurate. Once this is complete, Acumen will provide a letter of FIPS compliance that will detail the claims made. This letter is helpful in exhibiting to your customers that your product/solution is in fact FIPS compliant and vetted by a third party.
- Gap Analysis and Strategy Workshop
- Design Consulting
- Evaluation Services
- Post-Certification Support