The EWA-Canada IT Security Evaluation & Test Facility (ITSET) provides a full complement of capabilities that support all facets of the FIPS 140-2 process. Federal Information Processing Standard (FIPS) 140-2 specifies the security requirements which must be met in order for products to be validated under the Cryptographic Module Validation Program (CMVP).  The CMVP is a joint program between the US National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC).  These two organizations oversee the validation of products and/or cryptographic modules to the FIPS 140-2 standard.


For vendors, a successful FIPS 140-2 can be validation can be essential to selling their products in US and international markets:

  • In the U.S. cryptographic modules shall be FIPS 140-2 validated when cryptography is used by federal government agencies to protect sensitive, but unclassified information (see section 3.2 of the FIPS 140-2 FAQ for details).
  • In Canada, the CSEC recommends federal agencies use FIPS 140-2 validated cryptographic modules to secure data designated as Protected A or Protected B.
  • In the U.K., the Communications-Electronics Security Group (CESG) recommends the use of FIPS 140 validated cryptographic modules.

Achieving validation under FIPS 140-2 can be a challenging undertaking.  Selecting an experienced, accredited testing facility can play a key role in ensuring your endeavors are successful, on time and on budget.  The EWA-Canada 's capabilities that support all facets of the FIPS 140-2 include.

For a list of some of our clients that have certified or are certifying their products through EWA-Canada's labs follow this link.

Please Contact Us for further information.