IT Security Certifications Assessment for FIPS 140-2, Common Criteria, and UC APL

The requirements for IT security certifications are constantly evolving. It can take exhaustive research and investigation to remain up-to-date and determine the right certification path for a given product. Corsec’s experts in requirements analysis have developed a refined process that helps partners fully understand how the certification process will impact design, development, testing and implementation. The IT security certifications assessment provides clients with architectural requirements and regulations, a competitive environment report, a gap analysis and an understanding of how their product stands up to the competition in the marketplace.


IT Security Certifications Assessment for FIPS 140-2, Common Criteria and UC APL
Schedule your assessment to gain a better understanding of the standards, requirements, key players, recommendations for organizational alignment, predicted timeline and product documentation requirements, as well as a recommended path to IT security certifications.



The Certification Process
Typically, there are seven stages in the process for achieving IT security certifications. Organizations should understand the requirements, key players and costs, if any, for each of the following stages:


Up-Front Planning

The first step to quickly and successfully achieving IT security certifications is significant up-front planning. Corsec helps product vendors understand and decide exactly which IT security certifications are most appropriate for their product, and then assists them with developing a strategy to attain those certifications efficiently and effectively.

Prior to beginning the certification process, Corsec paints a picture of the process and provides valuable information to help avoid costly missteps and determine the best way forward:

  • The level of effort, in terms of time, resources and cost, that it will take to successfully achieve any and all IT security certifications
  • Expected return on investment
  • The benefits, risks and challenges of IT security certifications
  • Who the key players in IT security certifications are
  • How the various markets and drivers for IT security certifications work
  • What the company is trying to achieve with IT security certifications
  • Current market landscape, including customer requirements, competitive pressures, or any other drivers

Product Design Changes

Product design changes are often needed to meet the differing requirements of third-party IT security certifications and security validations. These modifications can be very expensive and often require changes and revisions to product roadmaps. Corsec’s Design Engineering Consulting Services team can provide guidance on the best and most efficient design for client products.

Documentation Creation and Engineering

Documentation is the cornerstone of all IT security certifications. Each certification has unique requirements for documentation that must be written in a highly specialized manner and submitted to the testing laboratory for review. In addition, a complete validation usually includes algorithm testing (FIPS 140-2), test case development (Common Criteria) or STIG testing (UC APL). Corsec’s Documentation Services address all documentation creation requirements, while the firm’s Engineering Services relieve clients’ internal teams of the burden of algorithm testing, test case development and STIG testing.

Laboratory Testing

Third-party laboratories perform in-depth testing to ensure a product adheres to the rigorous standards of each security certification. They create a final, detailed report which is sent to the government oversight agency for review and certificate issuance. This stage of the process can last six to nine months. Corsec’s Enterprise Lab Services eliminate the management, headache and risk of mistakes often associated with first-time engagement of laboratory services.

Government Review

The government performs a final review of the laboratory documentation to guarantee the product meets applicable standards, and, in some cases, conducts its own testing. This stage of the process can take, on average, three to six months.

Certification Issuance and Maintenance

The complex and lengthy process concludes with the issuance of the security certification. It is important for product vendors to be aware, however, that most IT security certifications are version-specific; therefore, to ensure continuing benefit from the initial investment, an organization should understand the revalidation or recertification process for the standard in question. Corsec’s Maintenance & Compliance Services assess the best path forward for clients, with little to no disruption to their revenue stream.

Generating Positive ROI

To maximize their return on investment, organizations must have the marketing knowledge and the sales acumen to properly present new IT security certifications. Corsec can advise clients on ways in which they can promote their commitment to product security to prospects and clients, including:

  • Pitching stories to targeted media
  • Creating press releases
  • Attending and speaking at appropriate industry events
  • Developing a certification announcement strategy, including creating datasheets and blog posts or case studies
  • Coaching salespeople on effectively selling the product certification’s value

Call Corsec: +1 703 267 6050