UL recognizes the importance that FIPS certificates hold for our customers and the vital role that both the Cryptographic Module Validation Program (CMVP) and the Federal Information Processing Standards (FIPS) requirements have in the IT security industry. As such, we aim to test your products efficiently while conducting our services with the highest level of integrity. Having performed testing for more than 1,000 validations over 25 years, UL has the skill and experience to offer vendors world-class services while obtaining FIPS validations.
Our services can start as early as your development processes, where we can assist your team in incorporating FIPS compliance into the design of your products. This approach helps mitigate risk by identifying compliance gaps early on. Identifying issues early means solutions can be discussed and planned. Testing methodology is provided in advance, assisting your certification team in planning accordingly, and our experts track scheduling closely to help ensure our progress is in step with your development and test targets.
UL Verification Services Inc. is accredited by NVLAP (Laboratory Code 100432-0) for test methods for both FIPS 140-2 and FIPS 140-3, and for testing of approved security functions, including algorithm testing for the Cryptographic Algorithm Validation Program (CAVP).
Demonstrate the compliance of your cryptographic modules to FIPS 140-2 or 140-3 with UL’s comprehensive validation and testing services. UL can support you at various stages throughout the process, from design assessment to validation test report submission. Our FIPS Validation testing process includes:
- Strategy and planning
- Gap analysis
Services prior to validation
- Product profile workshop
- Documentation workshop
- Preliminary assessment
Cryptographic Algorithm Validation Program (CAVP) algorithm testing services
- Cryptographic Algorithm Testing using NIST’s Automated Cryptographic Validation protocol
FIPS 140 Validation and Revalidation testing services
- Design assessment
- Source code review
- Physical security testing
- Operational testing
- Entropy assessment (SP 800-90B)
- Extensive technical and quality reviews
- Coordination with the CMVP to ensure that your report goes through the validation process as smoothly as possible.
- Embedded “FIPS Inside” module compliance review
- Original equipment manufacturer (OEM) validation services
Post validation support
- Monitor changes to the validation program requirements and update vendors on changes to the program or standard through implementation guidance issues by CMVP.
- As the industry’s most experienced FIPS laboratory, UL has tested more cryptographic modules of all types and security levels than any other laboratory. We have the requisite experience to produce high-quality results on time and on budget.
- With personnel located in the United States and internationally, UL can serve customers across the globe.
- UL is a comprehensive service provider for many of our customers as we offer a wide range of Certifications, such as Common Criteria, Personal Identity Verification (PIV) and a variety of other validations to address your certification needs.
- We can help test products during their development stages so that those products can demonstrate compliance with the required standards in order to reach the market.
- We have multiple teams specializing in specific areas of testing such as physical security testing, algorithm testing and entropy assessment, making our experience in each area unparalleled.
- Multiple teams simultaneously perform your validation test activities, reducing validation completion time.
- Our security engineers and management played an integral role in the development of the FIPS 140 standards, the Implementation Guidance, and the SP 800-90A and SP 800-90B entropy requirements. Consequently, our laboratory understands the intent of the standards requirements and how to achieve compliance.
- The depth and scope of UL’s analysis and robust processes can contribute to achieving a better product.