Thursday, July 23, 2020

atsec leading in Automated Cryptographic Validation Testing

With the sunset of the Cryptographic Algorithm Validation System (CAVS) at end of June 2020, algorithm testing for NIST and NIAP validations and evaluations must now be performed using the Automated Cryptographic Validation Testing System (ACVTS).

The list of issued CAVP certificates using ACVTS (i.e. the certificates prefixed with "A") illustrates that atsec is clearly in the leading position to help our customers obtain these certificates.

While 554 CAVP certificates prefixed with "A" have been issued [1], only 50 of those certificate requests have not been submitted by atsec. Thus more than 90% of all CAVP certificates resulting from ACVTS issued by NIST to date have been obtained by atsec on behalf of our customers. On top of that, NIST bundles multiple tests on different operational environments for the same module within one certificate. A large number of the certificates obtained by atsec demonstrates the complexity of having multiple different operational environments.

Therefore, when considering the amount of conducted testing, atsec is responsible for far more than 90% of all automated cryptographic algorithm testing.

With the full automation now in place, customers are able to receive new certificates or updates to existing ones - including new operational environments - in as little as one day. This ensures that the algorithm testing is less of a project risk.

[1] As of July 23 2020: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation-search?searchMode=validation&family=1&productType=-1&ipp=25

No comments:

Post a Comment

Comments are moderated with the goal of reducing spam. This means that there may be a delay before your comment shows up.