You Have Your FIPS Certificate. Now What?

Posted on by

Many years ago, I purchased my first new vehicle, a Dodge Ram Club Cab named “Big Red.” That truck allowed me to pack in students from my youth group, help my friends move, and easily haul camping gear for our family trips. Bringing home a new pinball machine was almost too easy — just ask my wife.

“Big Red” was incredibly useful and provided considerable value to me over the years.

It would have been silly for me to park “Big Red” in the driveway and only admire it from the window of my living room (“Big Red” would not fit in the garage).

As a FIPS 140-2 Consultant, I am constantly surprised by how many technology companies “park” their FIPS 140-2 certificate in the driveway known as the CMVP database of validated modules — missing out on the value of their achievement.

You’ve made an investment to achieve a FIPS 140-2 certificate. Here are my top tips to gain the most value from your investment:

  • Announce your accomplishment. Activate your PR group to create a Press Release announcing your FIPS 140-2 certificate. I let my friends know about “Big Red” and they let me know when they were moving. (Hey, I would always get some pizza out of moving days.)
  • Train your Sales Team. Sales professionals can quickly absorb the right amount of FIPS information as it relates to their solutions.
  • Update your website. If a search for “FIPS” from your website does not provide meaningful results for a potential prospect, then fix that.
  • Use the FIPS 140-2 logo. You’ve earned the right to use the FIPS logo from NIST. Include the logo on your webpages and marketing materials. It may not be a beautiful logo, but it is recognized in the security community.
  • Provide a letter confirming proper integration. If you have an embedded or software-only FIPS 140-2 cryptographic module integrated in your product(s), then the CMVP makes recommendations to federal agencies about what they should do prior to acquiring your product(s). Help your Sales Team be proactive by providing this letter early during the sales cycle rather than scrambling at the end of the quarter. Few technology vendors do this well.
  • Maintain that certificate. Obtaining maximum value from “Big Red” required maintenance. For your FIPS certificate to remain useful, a thoughtful maintenance strategy is required. For example, an often overlooked maintenance task is staying up to date on the Tested Configurations supported by a software-only module. If Windows XP is the most recent operating system supported by your FIPS module, then fix that. Your customers and prospects will appreciate a well maintained FIPS certificate.

We are happy to answer your questions about these tips. Please contact [email protected]

KeyPair Consulting – expert guidance to meet your FIPS 140-2 goals