FIPS 140-2/FIPS 140-3 Cryptographic Module Testing Laboratory

The COACT Laboratory (NVLAP Lab Code 200416-0) offers vendors full service approach to meet all the vendor’s testing needs including pre-validation consulting, documentation development and testing and validation assistance. Our goal is to assist you in getting your Cryptographic Module FIPS 140-2/FIPS 140-3 validated and listed on the Cryptographic Module Validation Program (CMVP) Validated Modules list. We work with you through the entire process and keep you informed every step of the way. You know your product. We know the standard.

Maintaining a relationship with you throughout the validation process is important to us. We are committed to customer satisfaction and to helping you achieve your objectives. Your success is our success.

COACT offers the following services in support of your FIPS 140-2/FIPS 140-3 validation:

Pre-Validation Consulting. COACT provides a validation readiness assessment of the product prior to beginning the validation process. This assists the vendor in determining FIPS compliance of the product, the FIPS level to be attained, and the level of effort required to satisfy FIPS requirements. Pre-validation assessments can take many forms, depending on the vendor’s needs. They can range from a FIPS 140-2/FIPS 140-3 instructional interview to a detailed gap analysis of the product and documentation requirements.

Documentation Development. COACT can assist you with developing the required documentation for a FIPS 140-2/FIPS 140-3 validation. There are standard evidence documentation requirements for a FIPS validation. COACT will explain the evidence requirements, and if you are not able to provide them, we can assist you in developing the appropriate documentation evidence that your product requires. Documentation evidence that COACT can assist in developing include:

  • Non-proprietary Security Policy (SP)
  • Vendor Evidence Derived Test Requirements (DTR)
  • Finite State Model (FSM)
  • Physical Security Description
  • Application of Tamper Evident Labels

Algorithm Testing. COACT performs algorithm testing under the Cryptographic Algorithm Validation Program (CAVP). We test your product to ensure that your module’s algorithms are properly implemented in accordance with the FIPS 140-2/FIPS 140-3 requirements. Algorithm testing involves validation testing for only FIPS approved and NIST recommended cryptographic algorithms. The cryptographic algorithm validation is a prerequisite to FIPS 140-2/FIPS 140-3 testing. We document the results of the tests and include them in the CAVP Submission Package to get your Algorithms validated.

Click here for a list of testable CAVP algorithms

Testing and Validation. The COACT Laboratory is your representative to the Cryptographic Module Validation Program (CMVP) and we assist you to achieve your goals. We voice opinions on your behalf, conduct the appropriate testing, perform documentation/source code reviews and assemble the Submission Package. Once assembled, we submit the package to the CMVP. COACT interacts with CMVP on your behalf. We provide CMVP with responses to ancillary questions/comments and resolve any discrepancies that may arise with your input. Our goal is to help your product obtain a positive outcome and get validated.

Click here for a list of FIPS 140-2/FIPS 140-3 FAQs
Click here for a list of FIPS 140 validations performed by COACT, Inc.