OpenSSL    

One Stop Package Deal for Private Label Validations

If you haven't already, please read our FIPS 140-2 Notes page.

What It Is

We have found that one of the most popular commercial services offered by the OpenSSL Software Foundation is the private label validation. It's not a business we ever planned to be in, but as the originators of the source-code-based OpenSSL FIPS Object Module validations, and with lots of practice, we've gotten pretty good at it. The revenue we earn from these validations supports the OpenSSL project, and for some validations also results in useful additions to the OpenSSL baseline.

What You Get

For the total fixed price of US$30,000 we will obtain a Level 1 FIPS 140-2 validation in your name using the OpenSSL FIPS Object Module v1.2 (certificate #1051) with minor modifications for two common platforms. A common platform is a computing device (hardware and operating system) that is available and familiar to us and the test lab(s). Examples of common platforms are:
  • Microsoft Windows (32 bit) on x86 hardware
  • Microsoft Windows (64 bit) on x64 hardware
  • Linux on 32 bit x86 hardware
  • Linux (64 bit) on x64 hardware
  • The Android operating system on some common smart phones using ARM processors
  • HP-UX 11 on Itanium
  • Solaris on x64 hardware

Additional common platforms can be added to your validation for US$1500 each.

This validation will also include Level 2 in the area of "Roles, Services, and Authentication" and Level 3 in the area of "Design Assurance" to satisfy the section 5a requirements of the May 21, 2009 Army "Letter to Industry". This additional requirement is a frequently requested option for private label validation.

We will handle all interaction with the accredited testing lab and the CMVP. You sign one contract with the OSF with half of the price due as a down payment and the remainder due only when your certificate is posted by the CMVP.

Within two weeks of executing your contract with us, your pending validation will also appear on the pre-val list. The presence of your product on this list is sufficient to satisfy FIPS 140-2 requirements for some procurements.

What Qualifies

This turnkey validation package is applicable in the following circumstances:

  • You have already confirmed that the module generated from the OpenSSL FIPS Object Module v1.2 source distribution, or from a later OpenSSL 0.9.8x distribution, possibly with modifications, works on your platform(s).

  • Your modifications to the OpenSSL source code, if any, are not "cryptographically significant". Roughly speaking, that means the modifications do not affect the actual cryptographic algorithms. Modifications for portability, such as changing #include statements or redefining macros, or changes to the build process such as new compiler or linker options, are generally acceptable.

  • Your application does not require cross-compilation (the build system and the target platform can be the same system), or your cross-compiled platform is one for which the complete build process, including generation of the integrity test digest, is already known and tested.

  • The actual platform, hardware and software, is either already available to the OSF and the lab or is supplied by you. For customer-provided equipment we will need at least two complete sets of platform hardware and software. This equipment can be returned once the validation is awarded, though so far customers have preferred to leave that equipment with us for regression testing of future revisions.

  • You have determined that the performance of the module is satisfactory on your specific target platform. We have made numerous performance enhancements since the original #1051 validation. Some of these can be easily incorporated into routine private label validations and some cannot.

  • You start the validation in 2010. The reason for this qualification is that the rules change starting in 2011 (see upcoming changes in the FIPS 140-2 validation requirements). We are confident that OpenSSL FIPS Object Module based validations of some type will still be possible post-2010, but there are enough uncertainties with the new guidelines to caution us against offering the same pricing at this time.

Note that we can still help you if not all of these circumstances apply, but we'll have to look at your specific situation more closely.


Interested? Contact the OSF.