FIPS 140 or more precisely 140-2 is the defacto standard to certify cryptography implemented in products. This certification is “tablestakes” to sell into most US Federal accounts. For example, the US Department of Defense (DoD) requires that all products use FIPS validated cryptography. If your product implements cryptography (and really what product now a days doesn’t!?!?!?), you need this certification to even qualify for US Federal RFPs. FIPS 140-2 has also proliferated into other verticals, like healthcare (HIPAA) and the financial industry.
We provide a full set of services for all of your cryptography validation needs. Starting with an optional gap analysis, our team of experts will work with you throughout the process until certification is complete and beyond. We know that getting certified is only the first step. The certification has no value if it does not translate into revenue. We will be available post certification for any questions raised by your potential customers. Our goal is to ensure you have the best possible experience while keeping costs low and timelines short. After all, it is the time to market that can be the difference between a big win and narrow loss.
In addition to full-fledged FIPS validation services, we also help our customers meet their certification goals using the vast experience our team has acquired over the years. We provide as much or as little support in your journey to getting your product FIPS certified as you need. We can do a thorough gap analysis of the product against FIPS 140-2 requirements, recommend the best approach to certification, draft documentation, interact with your FIPS laboratory, and also help your sales/marketing develop collateral highlighting FIPS certification of your product.
FIPS Gap Analysis
If you are trying to determine whether FIPS 140-2 certification is the right choice to tap into the US Federal market, a FIPS gap analysis is a good first step. Our team of experts will work with your team of experts to do a thorough analysis of your product, identify and explain any potential certification deficiencies, propose solutions and help chart out a path to success. In our experience, gap analysis is extremely valuable to set expectations, define roadmaps, and identify level of effort required. Should you decide to pursue Common Criteria and FIPS evaluation at the same time, we provide a combined approach to gap analysis so that your engineers do not get duplicative information or worse conflicting information. Its like the old saying goes, “A stitch in time saves nine.” Let Acumen be your tailor.