The Acumen Library

Are you new to certifications? Or perhaps a seasoned veteran? Our Library provides a one stop shop for not only the standard resources any company required to pursue certifications needs, but also, the analysis and impact the ever evolving standards will have on vendors that must maintain a certified offering. The library is always updated when new requirements are introduced and also periodically as we identify topics of interest to vendors. In short, the Acumen Library is here to make the vendors life easier.

Common Criteria

White Papers:

Standard Resources:

  • NIAP Product Compliant List: This is the official list of products that have either been validated or vetted by the NIAP.  This is a great resource for either pointing your customers to your CC certificate or figuring out what your competitor has already certified.
  • NIAP Products In-Evaluation List: This links to the official list of products in the process of being evaluated in the US CC scheme. Like the previous link, this is a great resource to figure out who is currently doing what or to prove to your customer that you are in the process of testing.
  • NIAP Approved Protection Profiles: This provides a complete list of all NIAP approved Protection Profiles and NIAP Protection Profiles in the process of development. This is very important since it defines the requirements a product needs to meet to be certified.
  • Common Criteria User Forum: The CC user forum is a organization comprised of all parties interested in participation and development of Common Criteria including End Users, Laboratories, and Governments.
  • Common Criteria Portal: This is the international home of the Common Criteria. This provides links to all of the Common Criteria certification schemes, all of the products evaluated in all of the schemes, and the latest news in the industry.
  • CC Standard Documentation: This provides links to all of the Common Criteria documentation. Be forewarned, it is an extensive list, so, expect to be flooded with information.

FIPS 140-2

White Papers:

Standard Resources:

  • Module Validation List: This links to the official list of all FIPS 140 validated modules. This is a great resource for either pointing your customers to your FIPS 140 certificate or figuring out what your competitor has already certified.
  • Module In Process List: This links to the official list of cryptographic modules in the process of being validated. Like the previous link, this is a great resource to figure out who is currently doing what or to prove to your customer that you are in the process of testing. Note: Inclusion in the list is optional, so there may be additional products being tested.
  • CMVP Derived Test Requirements: This document provides a detailed description of all of the FIPS 140-2 testing requirements.
  • FIPS 140-2 Implementation Guidance: This document provides the latest FIPS 140 requirement interpretations. This document is very important because it is the method in which the standard has evolved over the years.
  • FIPS 140-2 Standard: This is the actual FIPS 140-2 standard. It provides a ton of information, including, an overview of the structure of the standard and a high-level description of all of the requirements.

SCAP

Standard Resources:

  • SCAP Validated Products: This links to the official list of all SCAP validated products and the capabilities validated for each product. This is a great resource for either pointing your customers to your validation or figuring out what your competitor has already certified.
  • SCAP Specifications: SCAP itself is an envelope standard encompassing multiple other standards. This provides a list all the standards and the test requirements for SCAP itself.