Achieving FedRAMP authorization requires a hardened approach to cryptographic validation beyond shallow ciphers. For CSPs, simply saying that you use AES-256 or support TLS without verified, validated cryptographic modules introduces fatal flaws into authorization efforts. 

To succeed, CSPs must build systems that assume validation is an operational need and not something they do after the fact. They must also recognize that misinterpretations of FIPS requirements can derail otherwise sound security architectures during 3PAO audits or agency reviews.

Read More

In traditional document management, we have several ways to authenticate the legitimacy of information–a signature, a watermark, etc. In digital spaces, we don’t readily have these tools to use. That fact, along with the reality that any piece of information can be copied ad infinitum, made authentication a challenge that security experts needed to solve. 

Enter digital signatures or use cryptography to create an artifact to verify the authenticity and integrity of any piece of digital data. Digital signatures provide a way to ensure that the information has not been altered or tampered with during transmission or storage.

Read More

The National Voluntary Laboratory Accreditation Program (NVLAP) handles lab and testing requirements for several categories of products and services, several within cybersecurity. One of the most important categories is cryptographic testing and validation. 

Read More