Federal Information Processing Standard (FIPS) Publication 140 (FIPS 140-3)

OverviewFAQContact
Share this page :

CyberSecurity Malaysia operates a Federal Information Processing Standard (FIPS) Publication 140 test laboratory designed to provide independent technical services in the field of cryptographic algorithm testing and verification testing of cryptographic module software and hardware.

The laboratory is known as CyberSecurity Malaysia Cryptographic Evaluation Lab (MyCEL) which is a unit that operates under the Cryptography Development Department of CyberSecurity Malaysia. The purpose of MyCEL is to provide independent testing and assurance to clients who require such services encompassing cryptography, functional, performance, stability, compatibility, and embedded systems tests.



FIPS 140 Services


MyCEL provides a full range of certification services, including:

  1. FIPS 140 Documentation Consolidation Consulting service: to help integrate all the relevant FIPS 140 documentation required for an effective FIPS 140 validation process.
  2. FIPS 140 Validation service: to conduct appropriate testing activities, perform documentation and/or source code reviews of the security product before validating the security level of the product in accordance with FIPS140 standards and subsequently forwarding the information to Cryptographic Module Validation Program (CMVP) for certification processing.
  3. Cryptographic Algorithm Testing Conformance: testing of cryptographic algorithms for submission to the Cryptographic Algorithm Validation Program (CAVP) for the purpose of obtaining an algorithm validation certificate. CAVP is a prerequisite for CMVP.
  4. CAVP Test Harness Development: to create test harnesses to test the implementation of cryptographic algorithms for the CAVP and/or Automated Cryptographic Validation Protocol (ACVP) tests.
  5. Maintaining Validation Certificate (Revalidation): vendor can update their current certificate to include new product versions (software, firmware, hardware) to avoid repeating the tedious complete validation process. MyCEL will revalidate the changes including but not limited to: administrative, hardware, version, operating system, and relevant changes.
Two sales professionals smile.

Testing And Validation Processes

ACCEPT

Receive the Service Requisition Form (SRF) and MyCEL Module Information Form from the Vendor. Assess the Vendor readiness, cryptographic module information, availability of the evidence/documentation, identify the scope of the validation, and MyCEL readiness. This is to ensure that each project has a sound base and that the testing and validation have a reasonable chance of completion. This phase is the commencement of each testing and validation project within MyCEL.

  1. Receive the Service Requisition
  2. Conduct Project Scoring Assessment
  3. Prepare Application Acceptance & Project Code
  4. Report Application Rejection

CONDUCT

Develop a detailed testing and validation project plan, this may include creating the project folder, assigning resources and schedule. Testing and validation of the cryptographic algorithm and module are executed in this phase in accordance with the agreed testing and validation methodology, and project plan.

  1. Project Initialisation
  2. Cryptographic Algorithm Validation (CAV)
  3. Cryptographic Module Validation (CMV)

CLOSE

Allows the vendor of the MyCEL to provide feedback on the testing and validation process, and formally ends the project.

  1. Email Customer Feedback Form & Project Closedown Meeting
  2. Host Project Closedown Meeting


Our Clients


No Client Address Contact Validation Type
1 Data8 Sdn Bhd Suite 8-1, Level 8,
Menara CIMB, No. 1
Jalan Sentral 2, KL
Sentral		 Rajifah Ramli
rajifah@data8.my
+6017 2910 0073		 CAVP
2 itk.swiss Chemin Monsejour 2
CH-1700 Fribourg
Switzerland		 Stiepan Aurelien Kovac
stie@itk.swiss
+41227345996		 CAVP and
CMVP
3 ProximaX Singapore Pte Ltd 519 Balestier Road, #03-
01 Le Shantier
Singapore, Singapore
329852
Singapore		 Lon Wong
info@proximax.io
Joe Chai
joe.chai@proximax.io
+60162221892		 CAVP
4 USIS Inc. No.195, Xixian 2nd St.,
West Central Dist.,
Tainan City, 700 Tainan,
Taiwan (R.O.C)		 Dr. Avis Yu, You-Chang
avis.y@ustar-is.com
+886-928088726		 CMVP
5 You Tech Solutions Sdn Bhd Bukit Mertajam, Penang
14000
Malaysia
megat@youtech.com.my		 Megat Farril Robert Rizal
megat@youtech.com.my
+6016 395 0297		 CAVP


CAVP Product List

The listing contains products with:

  1. Status “Certified” – Have completed CAVP validation and certification
  2. Status “In Progress” – Currently being validated by MyCEL, CyberSecurity Malaysia


No Client Module Name ValidationNumber Validation Date Status
1 ProximaX Singapore Pte Ltd Sirius Chain C1745 19/05/2020 Certified
2 You Tech YOUTech 256 SKI
Cipher System		 A2215 29/12/2021 Certified
3 Data8 Sdn Bhd cHEART A2909 07/10/2022 Certified




Customer Engagement FAQ

What is MyCEL and what does it stand for?

MyCEL stands for CyberSecurity Malaysia Cryptographic Evaluation Lab. It is a unit operating under the Cryptography Development Department of CyberSecurity Malaysia, specialising in cryptographic algorithm testing and verification of cryptographic module software and hardware.

What services does MyCEL provide?

MyCEL provides independent testing and assurance services encompassing cryptography, functional, performance, stability, compatibility, and embedded systems tests to clients who require such services.

How does MyCEL ensure the readiness of vendors before commencing testing and validation projects?

MyCEL assesses the vendor's readiness, cryptographic module information, and the availability of evidence/documentation during the ACCEPT phase to ensure each project has a reasonable chance of completion.

What criteria are considered during the Project Scoring Assessment?

The Project Scoring Assessment evaluates factors such as vendor readiness, the scope of validation, the availability of necessary documentation, and MyCEL capability and readiness to determine the viability of the project.

Can vendors request changes to the testing and validation project plan once it's been developed?

Yes, vendors can request changes to the project plan during the ACCEPT and CONDUCT phases if necessary. However, any changes would need to be evaluated and approved by the MyCEL team to ensure they align with the project objectives and timelines.

Contact

For any enquiry please contact:
enquiry@cybersecurity.my

logo
CyberSecurity Malaysia is the national cyber security specialist agency under the purview of the Ministry of Digital (KD)
 
Select User Category
Contact Us

  • CyberSecurity Malaysia,
    Level 7 Tower 1, Menara Cyber Axis, Jalan Impact,
    63000 Cyberjaya, Selangor Darul Ehsan, Malaysia.

  • enquiry@cybersecurity.my

  • +603 - 8800 7999

  • +603 - 8008 7000

COPYRIGHT © CYBERSECURITY MALAYSIA

CONTACT US | DISCLAIMER | PERSONAL DATA PROTECTION NOTICE | SITEMAP

TOP