Security testing commercial products for the U.S. Government
Product certification can be a complex process. If you've developed a commercial security product that needs to get to market, Booz Allen can help you get the certification you need. We're one of the world's largest cybersecurity providers, with a broad reach across industries and a leading presence in the U.S. federal market.
Together we can address the Federal Government's needs and open your product to new markets.
Helping Your Product Stand Out
The marketplace is flooded with commercial security products that help streamline work, increase security, and provide helpful insights. These tools are enticing to any organization that needs to focus on its bottom line, especially the U.S. Government. But before your product can be plugged in, you will need to ensure that it is compliant with U.S. federal and international standards to address each customer's acquisition requirements. With varied customer missions, the set of acquisition requirements levied against your product may change on a per-customer basis. The challenge is to find the right partner that can conduct the product certifications and provide insight into the customers’ requirements that can only come from the experience gained through directly supporting their missions.
Booz Allen takes the guesswork out of cybersecurity with an accredited, interactive Cyber Assurance Testing Laboratory (CATL) designed to test and certify a range of products against U.S. federal and international standards. We use our deep cyber expertise and broad sector experience to certify products that will support U.S. federal cyber missions.
Product certification is only part of our larger focus of helping to solve U.S. Government challenges by working with the right mix of vendors that provide secure certified products. As a solutions integrator, we collaborate with the U.S. Government and product vendors to connect the secure solutions that will ensure operational success and protect the government’s most critical resources.
Common Criteria (CC) is an internationally recognized standard for security assessments of information assurance (IA) or IA-enabled products. CC is a product acquisition requirement for government agencies, both in the U.S. and abroad, and is a prerequisite for the Department of Defense Information Network Approved Products List (DODIN APL) and Commercial Solutions for Classified (CSFC). We provide a full lifecycle of CC services under the National Information Assurance Partnership (NIAP) scheme, from consulting and documentation development through evaluation and certificate maintenance.
Federal Information Processing Standard (FIPS) 140-2 / 140-3 is a U.S. and Canadian standard that analyzes the security capabilities of cryptographic modules. The FIPS 140 standard is valued in a wide range of market verticals and is a prerequisite for DODIN APL and the Federal Risk and Authorization Management Program (FedRAMP). Our FIPS 140 certification process allows us to consult, conduct validations, and provide documentation development support to vendors.
Department of Defense Information Network Approved Products List (DODIN APL) is a DOD program that tests a product’s interoperability and compliance with DOD security controls. We guide vendors through the complicated DODIN APL certification process of performing a self-assessment, engaging DOD resources, developing vendor documentation, and responding to the findings of the DOD test facility (e.g., JITC).
Security Technical Implementation Guides (STIG) are used by the U.S. Government to define a secure configuration for a product. Similar to our services for the DODIN APL process, we assist vendors with a self-assessment, develop a STIG configuration for their product, and work with DOD to have it validated and published.
Transportation Worker Identification Credential (TWIC) is a Transportation Security Administration (TSA) program for issuing smart cards to workers accessing U.S. maritime facilities and vessels. We test the smart card readers which verify the identity credentials on TWIC cards.
FIPS 201 Personal Identity Verification (PIV) Standards is a U.S. federal program to certify products used in PIV credentialing systems, physical access control systems (PACS), and public key infrastructures (PKI). We provide testing services for PIV card stock and badge holders.
Security Content Automation Protocol (SCAP) automates the vulnerability management and policy compliance of deployed systems. We perform testing on the scanners to validate their ability to use SCAP standards on specific operating systems.
We also conduct non-standards-based product comparisons and offer functional, vulnerability, and pen testing services.
Contact us for more information about our certification methodology and how we can help you navigate the complex product acquisition process.