Case Study » Obtaining a Government Encryption Certification for a Commercial Client
Our client's intent was to obtain government encryption certification of products in order to obtain product approval in the government space and increase investor confidence in company market share.
The lack of understanding with respect to the National Institute of Technologies (NIST) Federal Information Processing Standards (FIPS) facilitated a review of requirements and status verification of client hardware, software, and hybrid (combined) products. The review, audit, and verification of all high and low level documentation to include Security Policies, Schematics, Electrical and Asset documentation, Design Specifications, Key Management and requirements documentation. This review and gap analysis determined the shortfalls in compliance and threatened the approval of client products based on NIST standards.
Extensive testing was performed on the product to ensure NIST encryption standards are being met and upheld. Auditing and validation of encryption algorithms and implementations was performed to ensure the mathematical components of the product would sufficiently obfuscate data being processed, in transit, or at rest. Functional testing was performed in order to ensure the product sufficiently performed duties as programmed. Physical testing was performed to ensure tampering and other malicious activities could be deterred, prevented, and detected to include chemical, temperature, and probing activities. Performance testing was achieved in order to verify the product was resistant and compliant with stress, overflow, and denial of service activities. In addition, all documentation was modified to achieve FIPS compliance and submitted for review and approval by the NIST governing body.
Movel has broad expertise in cybersecurity, thread assessment and management and is an expert in application development security. We were chosen due to the domain and technical expertise and the cyber qualifications of our team.
The services provided successfully facilitated client receipt of the NIST FIPS 140-2 certification and allowed the companies to market products and services to government agencies. The certification also allowed the client to provide assurance to investors and other companies of future growth, market vision, and an increase in company capabilities.