Although this was once a fairly niche topic, it is no longer so. Other industries--banking, military, healthcare, air travel, and more have adopted FIPS certification for cryptographic products. The demand for these services has grown exponentially. Still, the available skills pool has not. Many people are working on products with zero usable information on what to do to meet these standards and achieve certification or even understand if such certification applies to their products.
This book is intended to provide practical information to practitioners to understand yhy you should choose certification, what are the pros and cons, how they need to design to comply with the specifications (FIPS-140, SP800 documents and related international specs such as AIS31, GM/T-0005-2021, etc.), and how to perform compliance testing. It will also cover how to interact with accredited certification labs and how to interact with related industry forums (CMUF, ICMC). In short, everything you need to know to make good decisions and sound designs in a certified context.
What you'll learn
Who This Book Is For
Readers will typically be working hardware and software engineers or managers of engineering programs that include any form of cryptographic functionality. This includes silicon vendors, library vendors, OS vendors, system integrators.