Most security standards, including government standards, require cryptography. We are generally familiar with implementing a cryptographic algorithm that meets these requirements and calling it a day. However, to ensure security, NIST also publishes standards for validating encryption modules to ensure they serve their purpose under federal standards. 

Here, we’re discussing the Cryptographic Algorithm Validation Program and its relationship to closely related standards and programs, such as Federal Information Processing Standards and the National Voluntary Laboratory Accreditation Program. 

Read More

We’ve often focused on security and maintenance from the perspective of technology itself–specifically, how it is deployed and used by individuals in the real world. But, the truth is that assessments of security technologies don’t start when an enterprise deploys them. Rather, in cases of tech like cryptography modules and biometrics, it begins in the lab that creates them. And that’s where the National Voluntary Laboratory Accreditation Program comes in. 

This article discusses NVLAP and its vital function in enhancing the credibility of laboratories involved in testing and calibration. This includes using third-party assessment and rigorous standards to govern how labs protect and assure the products they produce.

Read More

In the evolving world of international IT infrastructure and security, it’s critical that organizations and regulatory bodies have a standard to assess technology effectively. A key player in the United States that works to uphold these standards is the National Information Assurance Partnership (NIAP).

NIAP manages the Common Criteria Evaluation and Validation Scheme (CCEVS) in the United States, ensuring commercial IT products meet robust, internationally recognized security standards. 

This article discusses the relationship between the NIAP and the management of Common Criteria standards in the US, including a discussion of some of those standards. 

Read More