One Stop Package Deal for Private Label ValidationsIf you haven't already, please read our FIPS 140-2 Notes page.
IMPORTANT NOTE: The addition of multiple new formal requirements since the #1747 validation was first approved in 2012, and recent unfavorable experiences with increasingly unpredictable outcomes from the validation process, have increased to the point where private label validations are no longer economically feasible for a small organization of limited means; the risk doesn't justify the substantial investment of time and money required to pursue new validations. As of 2015 we are no longer performing any private label validations. The addition of new platforms to the existing #1747 or comparable validations is still possible and those validation actions are still being performed.
The rest of this page is of historical interest only.
What It IsWe have found that one of the most popular commercial services offered by the OpenSSL Software Foundation is the private label validation. It's not a business we ever planned to be in, but as the originators of the source code based OpenSSL FIPS Object Module validations, and with lots of practice, we've gotten pretty good at it. The revenue we earn from these validations supports the OpenSSL project, and for some validations also results in useful additions to the OpenSSL baseline.
What You GetFor the total fixed price of as little as US$[TBD] we will obtain a Level 1 FIPS 140-2 validation in your name using the OpenSSL FIPS Object Module v2.0 for two common platforms using unmodified source code. A common platform is a computing device (hardware and operating system) that is available and familiar to us and the test lab(s). Examples of common platforms are:
Additional common platforms can be added to your validation for US$4000 (Linux/Unix/Android) or US$4500 (desktop/server Windows) each.
We will handle all interaction with the accredited testing lab and the CMVP. You sign one contract with the OSF with half of the price due as a down payment and the remainder due only when your certificate is posted by the CMVP.
Within two weeks of executing your contract with us, your pending validation will also appear on the pre-val list. The presence of your product on this list is sufficient to satisfy FIPS 140-2 requirements for some procurements.
This turnkey validation package is applicable in the following circumstances:
Note that we can still help you if not all of these circumstances apply, but we'll have to look at your specific situation more closely. Note minor software modifications can often be accommodated in a change letter modification.
Interested? Contact the OSF.