The National Voluntary Laboratory Accreditation Program (NVLAP) handles lab and testing requirements for several categories of products and services, several within cybersecurity. One of the most important categories is cryptographic testing and validation.
When we discuss cybersecurity, it’s most often done in the context of audits, assessments, or certifications. However, specific systems and components require more stringent testing standards, ensuring that the technology functions correctly and securely after construction or during ongoing operational use.
To support the testing and assurance of these components, the National Institutes of Standards and Technology (NIST) operates a program to align testing and laboratory standards with ISO 17025, the international framework for lab calibration and competence.
Providers looking into StateRAMP authentication standards may find themselves staring into a stack of requirements documents across multiple security frameworks and government contexts. Not only is this unhelpful for these providers, but it also makes the process sound much more intimidating than it needs to be. In this article, we’ll take a high-level view of authentication requirements that may be part of your StateRAMP authorization process.