Certifications
FIPS 140-3
NIST (the US National Institute of Standards and Technology) establishes Federal Information Processing Standards (FIPS) certifications, which are widely used on a voluntary basis by public and private organizations. These standards are primarily used to address legal mandates issued by the US Federal Government, and are used worldwide by organizations seeking enhanced security for cryptographic solutions.
NIST’s latest benchmark is FIPS 140-3, an evolution of FIPS 140-2 that aligns with international standards (ISO/IEC 19790). It imposes more rigorous security and testing protocols for cryptographic modules. Formal assurance of compliance and of the functional correctness of cryptographic algorithms is provided through NIST’s Cryptographic Module Validation Program (CMVP) and the Cryptographic Algorithm Validation Program (CAVP), ultimately increasing confidence in the security of protected sensitive information.
PQShield’s commitment to security extends to our products, which are aligning with these benchmarks. Security isn’t just a promise; it’s a standard we uphold through rigorous, globally recognized certifications.
CAVP and CMVP certification overview
| Product | Version | Certification Type | Link to Certificate |
|---|---|---|---|
| PQCryptoLib-Core | v1.0.0 | CAVP | Certificate #A3011 |
| PQCryptoLib-Core | v1.0.0 | CMVP Level 1 | Certificate #4800 |
| PQCryptoLib-Core | v1.0.2 | CAVP | Certificate #A7693 |
| PQCryptoLib-Core | v1.0.2 | CMVP Level 1 | Submitted, currently on MIP (Modules in Process List) |
| PQCryptoLib-Core | v3.0.0 | CAVP | Certificate #A6553 |
| PQPerform-Flare | v1.0.0 | CAVP | Certificate #A6920 |
PSA Certified
PSA (Platform Security Architecture) Certified is a comprehensive, multi-level security framework and certification scheme for IoT hardware, software, and devices. Originally created by Arm, PSA Certified was built in collaboration with accredited security labs (SGS Brightsight, Riscure Keysight, UL Solutions), and certification authorities (TrustCB). The framework offers increasing levels of assurance, allowing manufacturers to match their security investment to the risk profile of the device – ranging from basic software checks to sophisticated hardware protection against physical tampering.
The objective of PSA Certified is to establish a common language and methodology. The framework enables silicon vendors, software providers and device manufacturers to build, evaluate, and certify security best practices, following four key steps:
- Analyze. Perform threat modeling to identify risks and define specific security requirements for the product
- Architect. Select components and specifications to design a system that meets the identified security level
- Implement. Use trusted components and validated PSA Certified APIs to interface with the hardware Root of Trust (RoT)
- Certify. Undergo independent evaluation to demonstrate compliance with security goals
PSA Certified APIs
The PSA Certified APIs are high-level, interoperable standardized software interfaces that provide a consistent way for applications to access security services regardless of the underlying hardware. The freely available PSA Certified APIs are widely deployed by chip vendors, benefitting from open-source reference implementations for MCU (TF-M) and MPU (Trusted Services), which fosters community adoption and a consistent developer experience, with no dependencies on the hardware implementations of the Root of Trust.
Four PSA Certified APIs are available:
- Crypto
- Secure Storage
- Attestation
- Firmware Update
These APIs provide trust in the implementation, as well as ease of adoption for integrators with reduction in development costs and time-to-market.
PSA Certified certification overview
| Product | Certification Type | Link to Certificate |
|---|---|---|
| PQMicroLib-Core | PSA Certified Crypto API | PSA Certified Crypto API Badge |