The Acumen Library
Are you new to certifications? Or perhaps a seasoned veteran? Our Library provides a one stop shop for not only the standard resources any company required to pursue certifications needs, but also, the analysis and impact the ever evolving standards will have on vendors that must maintain a certified offering. The library is always updated when new requirements are introduced and also periodically as we identify topics of interest to vendors. In short, the Acumen Library is here to make the vendors life easier.
- What is Suite-B Cryptography and How Does it Relate to Government Certifications?: This paper will provide a high-level introduction to Suite-B cryptography, discuss how Suite-B relates to government certifications, and specifically address Suite-B requirements for commonly certified services, such as, TLS, SSH, and IKE/IPsec.
- The NDcPP is Here: What Does it Mean and What Should You Expect?: This paper will provide a high-level identification of the differences between the NIAP NDPP and the international NDcPP, and discuss some strategies to help product vendors ease the transition from NDPP to NDcPP.
- NIAP Product Compliant List: This is the official list of products that have either been validated or vetted by the NIAP. This is a great resource for either pointing your customers to your CC certificate or figuring out what your competitor has already certified.
- NIAP Products In-Evaluation List: This links to the official list of products in the process of being evaluated in the US CC scheme. Like the previous link, this is a great resource to figure out who is currently doing what or to prove to your customer that you are in the process of testing.
- NIAP Approved Protection Profiles: This provides a complete list of all NIAP approved Protection Profiles and NIAP Protection Profiles in the process of development. This is very important since it defines the requirements a product needs to meet to be certified.
- Common Criteria User Forum: The CC user forum is a organization comprised of all parties interested in participation and development of Common Criteria including End Users, Laboratories, and Governments.
- Common Criteria Portal: This is the international home of the Common Criteria. This provides links to all of the Common Criteria certification schemes, all of the products evaluated in all of the schemes, and the latest news in the industry.
- CC Standard Documentation: This provides links to all of the Common Criteria documentation. Be forewarned, it is an extensive list, so, expect to be flooded with information.
- FIPS 140-Next is coming: What does it mean and what are you going to do?: This paper will look at the likely successor to FIPS 140-2, identify the differences between the two standards, and discuss some strategies to help product vendors ease the transition from FIPS 140-2 to FIPS 140-Next.
- Module Validation List: This links to the official list of all FIPS 140 validated modules. This is a great resource for either pointing your customers to your FIPS 140 certificate or figuring out what your competitor has already certified.
- Module In Process List: This links to the official list of cryptographic modules in the process of being validated. Like the previous link, this is a great resource to figure out who is currently doing what or to prove to your customer that you are in the process of testing. Note: Inclusion in the list is optional, so there may be additional products being tested.
- CMVP Derived Test Requirements: This document provides a detailed description of all of the FIPS 140-2 testing requirements.
- FIPS 140-2 Implementation Guidance: This document provides the latest FIPS 140 requirement interpretations. This document is very important because it is the method in which the standard has evolved over the years.
- FIPS 140-2 Standard: This is the actual FIPS 140-2 standard. It provides a ton of information, including, an overview of the structure of the standard and a high-level description of all of the requirements.
- SCAP Validated Products: This links to the official list of all SCAP validated products and the capabilities validated for each product. This is a great resource for either pointing your customers to your validation or figuring out what your competitor has already certified.
- SCAP Specifications: SCAP itself is an envelope standard encompassing multiple other standards. This provides a list all the standards and the test requirements for SCAP itself.