FIPS 140-2 Documentation

Red_Slate_MountainDeveloping all the documentation required to meet FIPS 140-2 can be an annoying burden for vendors. Trusting your FIPS documentation development to RAI has advantages.

Efficiency. RAI knows what is needed and can deliver this to labs on an expedited schedule if needed.

Cost. Your staff is free to focus on delivering your product without being diverted to a highly specialized project with the expense of a steep learning curve and lost development time.

Since 2001, RAI has helped many customers achieve FIPS 140-2 by developing their FIPS documentation. RAI experience ranges from FIPS Level 1 to FIPS Level 3 with many hardware and software cryptographic modules including:

software libraries, smartcards,  VPNs, network and data encryptors, embedded software cryptographic modules, encrypting software drivers, and authentication applications.

To satisfy FIPS requirements, your module must include specialized evidence documentation.

Security Policy A publically available formal specification defining your cryptographic module according to FIPS 140-2 . Your validated security policy is posted on the CMVP website along with your module FIPS validation certificate.
Finite State Machine A specification of all operational and error states of a cryptographic module and all state transitions.
Design Assurance A specification of your configuration management, development correspondence, delivery and operation, and operator guidance.
Vendor Evidence Point-by point descriptions of how your cryptographic module satisfies each FIPS requirement.

RAI works with your chosen FIPS evaluation lab to develop all required documentation. RAI has worked with many FIPS labs on an array of FIPS evaluations and is very familiar with their processes.

Click here for a summary of FIPS 140-2 requirements.