One Stop Package Deal for Private Label ValidationsIf you haven't already, please read our FIPS 140-2 Notes page.
IMPORTANT NOTE: The recent addition of new formal requirements has potentially complicated new private label validations, but as of August 2013 it appears such validations are again feasible. We'll be more certain of this once we've actually obtained a validation under the new rules.
What It IsWe have found that one of the most popular commercial services offered by the OpenSSL Software Foundation is the private label validation. It's not a business we ever planned to be in, but as the originators of the source code based OpenSSL FIPS Object Module validations, and with lots of practice, we've gotten pretty good at it. The revenue we earn from these validations supports the OpenSSL project, and for some validations also results in useful additions to the OpenSSL baseline.
What You GetFor the total fixed price of as little as US$[TBD] we will obtain a Level 1 FIPS 140-2 validation in your name using the OpenSSL FIPS Object Module v2.0 for two common platforms using unmodified source code. A common platform is a computing device (hardware and operating system) that is available and familiar to us and the test lab(s). Examples of common platforms are:
Additional common platforms can be added to your validation for US$4000 (Linux/Unix/Android) or US$4500 (desktop/server Windows) each.
We will handle all interaction with the accredited testing lab and the CMVP. You sign one contract with the OSF with half of the price due as a down payment and the remainder due only when your certificate is posted by the CMVP.
Within two weeks of executing your contract with us, your pending validation will also appear on the pre-val list. The presence of your product on this list is sufficient to satisfy FIPS 140-2 requirements for some procurements.
This turnkey validation package is applicable in the following circumstances:
Note that we can still help you if not all of these circumstances apply, but we'll have to look at your specific situation more closely. Note minor software modifications can often be accommodated in a change letter modification.
Interested? Contact the OSF.