Products

Services

Corporate

Labs

Careers


	Search

Security Testing and Evaluation Labs

		Cryptographic Equipment Assessment Laboratory
		Cryptographic Algorithm Testing CEAL Certified Modules FIPS 140-2 Overview FIPS 140-2 FAQ FIPS 140-2 Training Example Finite State Machine Security Testing Related Consulting Contact Information Legal Disclaimers

Security Evaluation Laboratory

Careers

Cryptographic Equipment
Assessment Laboratory (CEAL)

FIPS 140-2 Documentation Requirements

Below are the documents that the Vendor has to provide to the CEAL to assist the tester in testing the Cryptographic Module (CM). According to FIPS 140-2 DTR Appendix C, the Vendor is supposed to fulfill certain criteria in preparing a Security Policy. The documents submitted to the lab should meet the requirements as stated in Appendix A of the standard. The following are the list of documents:

Security Policy: The Security Policy should adhere to Appendix C of the FIPS 140-2 standard. A sample model copy of the Security Policy is provided here for reference. Please note that this is a reference and should not be construed as a standard requirement. The Security Policy would change depending on the module specifications.
Finite State Model
Crypto Officer and User guidance documents.
Copy of the Module: This is to test the module whether it complies with the eleven sections as described in the standard. If the module is a software only module, the vendor should supply the lab with source code or arrange for the tester to visit the vendor for source code review.

Privacy Statement

Legal

Cryptographic EquipmentAssessment Laboratory (CEAL)

FIPS 140-2 Documentation Requirements

Cryptographic Equipment
Assessment Laboratory (CEAL)