Cryptographic Equipment
Assessment Laboratory (CEAL)

CEAL Legal Disclaimers

FIPS 140-2 Conformance Testing Disclaimers
The CEAL tests products for conformance with the "Federal Information Processing Standards Publication 140-2: Security Requirements for Cryptographic Modules", and applies the criterion described in "Derived Test Requirement for FIPS PUB 140-2, Security Requirements for Cryptographic Modules". The CEAL performs these tasks under the rules and guidelines of the National Voluntary Laboratory Accreditation Program (NVLAP) and the CEAL quality procedures. The CEAL does not certify products for conformance to FIPS 140-2. The National Institute of Standards and Technologies (NIST), which is a part of the U.S. Department of Commerce, and the Communications Security Establishment Canada (CSEC), which is a part of the Canadian Government issue certifications.

Neither CygnaCom Solutions, Inc. nor the CEAL makes any warranties, expressed or implied, as to the fitness, merchantability, or absolute security of products that have been tested by the CEAL. It is eminently possible that products that have been tested by the CEAL, (whether or not they have been certified by NIST or CSEC), contain critical security flaws that are not discovered as part of FIPS 140-2 conformance testing.

For this reason, neither CygnaCom Solutions, Inc. nor the CEAL assumes any liability for damages arising from the use or misuse of products tested by the CEAL for FIPS 140-2 conformance.

CygnaCom Solutions, Inc. and the CEAL will not be liable for any loss, damage, or incidental or consequential damages of any kind, including without limitation, damages resulting from faulty module security, results of CEAL testing, or module flaws not uncovered by CEAL FIPS 140-2 conformance testing.

Cryptographic Algorithm Conformance Testing Disclaimer
The CEAL tests implementations of cryptographic algorithms for conformance with published Federal Information Processing Standards. The CEAL performs these tasks under the rules and guidelines of the National Voluntary Laboratory Accreditation Program (NVLAP) and the CEAL quality procedures. The CEAL does not certify algorithm implementations for conformance to FIPS. The National Institute of Standards and Technologies (NIST), which is a part of the U.S. Department of Commerce, and the Communications Security Establishment Canada (CSEC), which is a part of the Canadian Government issue certifications.

For this reason, neither CygnaCom Solutions, Inc. nor the CEAL assumes any liability for damages arising from the use or misuse of products tested by the CEAL for cryptographic algorithm conformance.

Standard Disclaimer (From FIPS PUB 140-2)
"The security requirements specified in this standard are based upon information provided by many sources within the Federal government and private industry. The requirements are designed to protect against adversaries mounting cost-effective attacks on unclassified government or commercial data (e.g., hackers, organized crime, economic competitors). The primary goal in designing an effective security system is to make the cost of any attack greater than the possible payoff.

While the security requirements specified in this standard are intended to maintain the security of a cryptographic module, conformance to this standard does not guarantee that a particular module is secure. It is the responsibility of the manufacturer of a cryptographic module to build the module in a secure manner.

Similarly, the use of a cryptographic module that conforms to this standard in an overall system does not guarantee the security of the overall system. The responsible authority in each agency shall assure that an overall system provides and acceptable level of security."

Cryptographic EquipmentAssessment Laboratory (CEAL)

CEAL Legal Disclaimers

Cryptographic Equipment
Assessment Laboratory (CEAL)