The SafeLogic Blog
If Time Equals Money...
March 28, 2013 • Wes Higaki
Last week, we eulogized the Private Label program from the OpenSSL Software Foundation, but we promised to explain why we aren’t really upset. Those reasons are led by concerns surrounding timeline.
Traditionally, it has taken a year or more to complete a FIPS 140-2 validation. In fact, we’ve personally seen validations take 16 months. In that time, you could miss out on a lot of potential revenue. When FIPS validation is a requirement, your buyers’ hands are tied and your technical features and competitive advantages are moot. Customers will select another product rather than wait a year.
Why does it take so long? It can take a couple of months to gather the information to document your crypto module. Then, an accredited testing lab takes another few months to check the evidence and run their tests. Their test report is sent to the Cryptographic Module Validation Program (CMVP). Waiting for an available CMVP certifier to review the report can take several more months. Finally, the certifier will ask some questions of the testing lab before approving the validation, assuming that the responses are satisfactory. Each step has unique bottlenecks and the process is heavily backlogged from end to end. As you can imagine, any issues could easily incur setbacks measured in weeks, not days. To top it all off, that doesn’t even factor in the time your team spent installing and testing the crypto module in the first place.
Integrating CryptoComply into your application gives you an instantly compliant solution because CryptoComply already has a FIPS 140-2 validation. Along with the crypto library software, SafeLogic has developed tools and documentation to make integrating CryptoComply into your mobile and server applications easier and quicker.
The net result is that by using SafeLogic’s validated encryption module, your compliance can be verified, so customer responses are extremely positive. Buyers with a FIPS 140-2 requirement can begin a pilot program immediately, opening many sales opportunities while your competitors are waiting in the CMVP queue.
If you choose to pursue a FIPS validation certificate, the initial steps are accelerated thanks to CryptoComply’s ease of installation. Not only that, but customers can proceed in good faith, knowing that your product is already verifiable as compliant. This keeps your sales from grinding to a halt while the CMVP completes the process.
If you are in this category and a FIPS certificate is in your future, be sure to read next week’s post, discussing how RapidCert can slash the timeline even further!
Wes Higaki
Wes Higaki was a co-Founder of SafeLogic. Wes has over 30 years of technical and managerial experience in the software industry and received a BS in mathematics from UC Davis and a Master’s in CS from the University of Santa Clara. He is now retired and focused on writing fiction.