• General Information
• Training
• Algorithm Testing
• FIPS 140-2 Validation Process
• FIPS 140-2 Design
• FIPS 140-2 Howto
• Power Analysis Attacks

Register to Get Free FIPS 140-2 & 140-3 Book!

Please provide your contact information here and we will mail you a free FIPS 140-2 & 140-3 book!

General Information

Aspect Labs is a NVLAP accredited laboratory which performs testing against the FIPS 140-2 standard, Security Requirements for Cryptographic Modules. We also perform preliminary consulting on the upcoming FIPS 140-3 standard, which is soon to be adopted by NIST. Information on our team and clients is provided here.

100% of the products tested by our lab have achieved FIPS 140-2 validation.

Our NVLAP accredited testing services include:

• FIPS 140-2 testing of cryptographic modules at Security Levels 1 to 4.
• CAVP (Cryptographic Algorithm Validation Program) testing of algorithm implementations.
• PIV testing of SmartCard modules.

Our consulting and engineering services include:

• Design of FIPS 140-2 and FIPS 140-3 Submission Package.
• FIPS 140-2 and 140-3 Product Design and Engineering
• PIV Product Design and Engineering
• FIPS 140-2, 140-3 and PIV training
• Testing and Countermeasure Design for Side Channel Attacks, Differential Power Analysis, Electromagnetic Analysis

We offer fixed price quotes for all our services.

Our testing style differs significantly from other labs. We usually spend a lot of time working face-to-face with the engineers on the customer site, something that other labs rarely do. Many of our customers are located in San Francisco Bay area, within a short drive from our Santa Clara office.

FIPS 140-2 validation process is a complex and time-consuming task. The FIPS 140-2 standard is a publication that specifies security requirements in generic terms. Application and interpretation of the FIPS 140-2 standard to a particular product includes a process of interpretations and negotiations. This process includes the vendor, the lab, and the CMVP validation team. When the test report is submitted to the CMVP it is almost never accepted from the first submission. Normally, the CMVP will generate a list of deficiencies. It is then up to the vendor and the lab to fix the deficiencies, as well as successfully negotiate with the CMVP intepretations of the FIPS 140-2 standard as applied to the product. The speed and the overall success of this process hugely depends on the proficiency and experience of the lab. In some way the validation process is similar to filing a patent application. If you want to get your patent approved within a reasonable amount of time you need to find a good patent attorney. One of the roles that the lab plays is being your representative in negotiations and discussions with the CMVP. Therefore, it is critically important for you to find a good lab that understands your product and has enough experience and will to successfully and timely complete the FIPS 140-2 testing process.