Carolyn French, Manager Cryptographic Module Validation Program, Canadian Centre for Cyber Security, Canada; Renaudt Nunez, IT Security Consultant, atsec, United States
The working group will work towards a recommendation in the form ofa draft Implementation Guidance (IG) to the CMVP..Vendors often want to submit multiple hardware modules in the same report, and therefore on the same certificate. Under what conditions can the lab perform limited operational testing on the group of modules and still provide assurance that the right testing has happened?
The basic assumption is that IG 1.22 is already met (same crypto), but may have different number of cards, chips, memory config, etc. For example, if you changed from solid state drive to classic hard disk... did you really need to do more testing? Same for things like field replaceable and stationary accessories.
The draft IG is out and they are looking for reviewers.
No comments:
Post a Comment