Cyber Assurance Testing Laboratory Services

Product certification can be a complex process. If you've developed a commercial security product that needs to get to market, Booz Allen can help you get the certification you need. We're one of the world's largest cybersecurity providers, with a broad reach across industries and a leading presence in the U.S. federal market.

The marketplace is flooded with commercial security products that help streamline work, increase security, and provide helpful insights. These tools are enticing to any organization that needs to focus on its bottom line, especially the U.S. government. But before your product can be plugged in, you'll need to ensure that it is compliant with U.S. federal and international standards to address each customer's acquisition requirements. With varied customer missions, the set of acquisition requirements levied against your product may change on a per-customer basis. The challenge is to find the right partner that can conduct the product certifications and provide insight into the customers’ requirements that can only come from the experience gained through directly supporting their missions.

Booz Allen takes the guesswork out of cybersecurity with an accredited, interactive Cyber Assurance Testing Laboratory (CATL) designed to test and certify a range of products against U.S. federal and international standards. We use our deep cyber expertise and broad sector experience to certify products that will support U.S. federal cyber missions.

Product certification is only part of our larger focus of helping to solve U.S. government challenges by working with the right mix of commercial companies. We collaborate with the U.S. government and commercial product vendors to connect the secure solutions that will ensure operation success and protect the government’s most critical resources. Our Secure Compliance Team provides additional services to meet U.S. government cybersecurity measures under the Federal Risk and Authorization Management Program (FedRAMP) and the Cybersecurity Maturity Model Certification (CMMC) initiatives.

• Common Criteria (CC) is an internationally recognized standard for security assessments of information assurance (IA) or IA-enabled products. CC is a product acquisition requirement for government agencies, both in the U.S. and abroad, and is a prerequisite for the Department of Defense Information Network Approved Products List (DODIN APL) and Commercial Solutions for Classified (CSFC). We provide a full lifecycle of CC services under the National Information Assurance Partnership (NIAP) scheme, from consulting and documentation development through evaluation and certificate maintenance.
• Federal Information Processing Standard (FIPS) 140-2 / 140-3 is a U.S. and Canadian standard that analyzes the security capabilities of cryptographic modules. The FIPS 140 standard is valued in a wide range of market verticals and is a prerequisite for DODIN APL and FedRAMP. Our FIPS 140 certification process allows us to consult, conduct validations, and provide documentation development support to vendors.
• Department of Defense Information Network Approved Product List (DODIN APL) is a DOD program that tests a product’s interoperability and compliance with DOD security controls. We guide vendors through the complicated DODIN APL certification process of performing a self-assessment, engaging DOD resources, developing vendor documentation, and responding to the findings of the DOD test facility (e.g., JITC).
• Security Technical Implementation Guides (STIG) are used by the U.S. government to define a secure configuration for a product. Similar to our services for the DODIN APL process, we assist vendors with a self-assessment, develop a STIG configuration for their product, and work with DOD to have it validated and published.
• Transportation Worker Identification Credential (TWIC) is a Transportation Security Administration (TSA) program for issuing smart cards to workers accessing U.S. maritime facilities and vessels. We test the smart card readers which verify the identity credentials on TWIC cards.
• We also conduct non-standard-based product comparisons and offer functional, vulnerability, and pen testing services.