If you're a telecommunications hardware or software vendor and you want to market your products to the US Department of Defense or various Federal government security agencies, you will no doubt encounter the NSTISSP-11 policy requirements.
Issued in July 2003, these policies recognized that COTS (Commercial Off-the-Shelf) IT products often can meet the communications security equipment needs of DoD and Federal agencies and organizations. However, they require that such products be validated under the internationally recognized Common Criteria Certification (CCC) program scheme. In addition, the Ministry of Defence in the UK, Germany, Italy, Australia, and other countries also require CCC validation for many IT products. If your product utilizes encryption, it will likely require validation of its cryptographic module under Federal Information Processing Standards security requirements (FIPS 140-2). We can help you with preparation of the Security Policy, Derived Test Results (DTR), Finite State Machine (FSM), and other required documentation to submit to your NVLAP test lab of choice.
If you're wondering how to meet these CCC or FIPS 140-2 validation requirements and get your products through the rigorous documentation and testing that are required, NetGreen Consulting, Inc. can help. We've worked with a number of Test Labs, evaluators and validators, and have led successful projects to provide the documentation and test plans needed to obtain a CC Certificate or FIPS Validation.
We also have connections with experienced companies that can help get your products and services into US Federal agencies and the DoD for evaluation and purchase. You can leverage our association with companies like FedCentric Technologies and JVX Systems to help break through the bureaucratic red tape and obtain that big contract with a US government agency.
Past and current CCC or FIPS projects include:
|
