We’ve previously written about the importance of NVLAP Common Criteria accreditation for lab testing and validating products for use in high-risk industries. It’s probably unsurprising that we are markedly interested in cybersecurity labs’ requirements.
Here, we’re discussing NVLAP Common Criteria accreditation for cybersecurity labs–what it is, how it is unique for assessed labs, and some challenges you might face.
Government agencies (and their vendors and partners) are increasingly entrusted with sensitive data. Accordingly, protecting critical infrastructure and cybersecurity are both top priorities. The tools they use must come from time-tested and verified protocols to ensure they are secure and not tampered with. In turn, this means that these tools must come from labs that follow the strictest of requirements.
NVLAP Common Criteria certification serves as a valuable tool for governments to evaluate the security capabilities of IT products and systems before procurement.
Most security standards, including government standards, require cryptography. We are generally familiar with implementing a cryptographic algorithm that meets these requirements and calling it a day. However, to ensure security, NIST also publishes standards for validating encryption modules to ensure they serve their purpose under federal standards.
Here, we’re discussing the Cryptographic Algorithm Validation Program and its relationship to closely related standards and programs, such as Federal Information Processing Standards and the National Voluntary Laboratory Accreditation Program.