FIPS 140-2 Cryptographic Module Testing Laboratory

    The COACT Laboratory offers vendors full service approach to meet all of the vendor’s testing needs including pre-validation consulting, documentation of evidence, evidence development, and validation assistance. Our goal is to assist you in obtaining a successful Federal Information Processing Standard (FIPS) 140-2 Cryptographic Module validation. We work with you through the entire process and keep you informed every step of the way. You know your product. We know the standard.

    Maintaining a relationship with you throughout the validation process is important to us. We are committed to customer satisfaction and to helping you achieve your objectives. Your success is our success.

    COACT offers the following services in support of your FIPS 140-2 validation:

    Pre-Validation Consulting. COACT provides a validation readiness assessment of the product prior to beginning the validation process. This assists the vendor in determining FIPS compliance of the product, the FIPS level to be attained, and the level of effort required to satisfy FIPS requirements. Pre-validation assessments can take many forms, depending on the vendor’s needs. They can range from a FIPS 140-2 instructional interview to a detailed gap analysis of the product and documentation requirements. COACT can arrange for both architectural design assistance and for documentation evidence development assistance.

    Documentation of Evidence. If the evidence necessary for a FIPS 140-2 validation has not yet been compiled, COACT can assist you with this. COACT can arrange consulting services that begin in the design stage or at any later time to assist you to design with FIPS compliance in mind and to assist in the creation of design documentation necessary to produce the FIPS required documentation.

    Evidence Development. There are standard evidence documentation requirements for a FIPS validation. COACT will explain the evidence requirements, and if you are not able to provide them, we can assist you in developing the appropriate evidence that your product requires. Evidence that COACT can assist develop include:

        • Non-proprietary Security Policy (SP)
        • Vendor Evidence DTR
        • Finite State Machine (FSM)
        • Physical Security Description
        • Application of Tamper Evident Labels
        • Source Code Listing for Crypto Module

    Algorithm Testing. COACT performs algorithm testing under the Cryptographic Algorithm Validation Program (CAVP). We test your product to ensure that your module(s) algorithms are properly implemented in accordance with the FIPS 140-2 requirements. Algorithm testing involves validation testing for only FIPS approved and NIST recommended cryptographic algorithms. The Cryptographic algorithm validation is a prerequisite to FIPS 140-2 testing. We document the results of the tests and include them in the CAVP Submission Package.

    Click here for a list of testable CAVP algorithms

    Validation Assistance. The COACT FIPS Laboratory is your representative to the Cryptographic Module Validation Program (CMVP) and we assist you to achieve your goals. We voice opinions on your behalf, conduct the appropriate testing, assemble the Submission Package. Once assembled, we submit all the required documentation to the CMVP. COACT interacts with CMVP on your behalf. We provide CMVP with responses to ancillary questions and resolve any discrepancies that may arise. Our goal is to help your product obtain a positive validation.

    Click here for a list of FIPS 140-2 FAQs


    Company Name *

    Name *

    Email Address *


    Your Message