Penumbra provides onsite training workshops for their customers in the area of FIPS 140-2 and related standards, Postal Evidencing Systems (PES) architecture, security and conformance, and other areas of inforamtion security.
Penumbra also provides "Design for Compliance" workshops that combines training to specific standards that also includes a preliminary evaluation or assessment of new or existing module designs. This allows customers to better understand the level of effort needed to adequately conform with the intended conformance target
Workshops typically run 1 to 3 days depending on the type of event.
- Cryptographic Module Specification
- Cryptographic Module Ports and Interfaces
- Roles, Services, and Authentication
- Finite State Model
- Physical Security
- Operational Environment
- Cryptographic Key Management
- Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC)
- Design Assurance
- Mitigation of other Attacks
The Cryptographic Module Validation Program (CMVP) validates cryptographic modules to FIPS 140-2 and other cryptographic based standards. The CMVP is a collaboration between the United States and Canada. Products validated as conforming to FIPS 140-2 are accepted by the Federal agencies of both countries. Cryptographic modules are conformance tested by independent, accredited testing laboratories. Testing reports are submitted to the CMVP for validation and the issuance of a certification. The National Voluntary Laboratory Accreditation Program (NVLAP) accredits laboratories to perform cryptographic module conformance testing.
Penumbra Security is accredited under NVLAP (Laboratory Code 200983-0) for test methods for FIPS 140-2 Levels 1-4, Security Requirements for Cryptographic Modules, and for testing of Approved security functions.
Penumbra also offers evaluations to the ISO/IEC 19790 second edition 2012 08 15 Information technology – Security techniques – Security requirements for cryptographic modules.