SafeLogic CryptoComply

Features Cross-Platform API CryptoComply delivers a single code library to support cross-operating system platforms. The same library can be used in applications across a variety of operating system platforms with the same programmatic interface while maintaining the FIPS 140-2 certification. CryptoComply accomplishes this by maintaining the same code base across multiple FIPS 140-2 validations. Open Source Compatibility CryptoComply is now available as a direct, drop-in replacement for OpenSSL, BoringSSL/BoringCrypto, JCE (Java Cryptographic Extension) providers such as Bouncy Castle, SunJCE, and RSA J-SAFE [see CryptoComply for Java], Network Security Services [see CryptoComply for NSS], and Libgcrypt [see CryptoComply for Libgcrypt]. For an architectural review and to confirm full compatibility, please contact us. RapidCert Validation SafeLogic reduces the time required for FIPS 140 validation by as much as 90% when the CryptoComply module is deployed as a replacement for non-validated software. FIPS 140-2 validations can take over 12 months, but with CryptoComply and the RapidCert process, time-to-compliance can be dramatically reduced. Our target is 8 weeks from start to finish with zero additional effort required from the customer. Extended Compliance CryptoComply provides meets the algorithm and key length mandates to support the latest guidance for FIPS 140-2, CNSA and Suite B compliance. Contact us with specific requirements. Meet Compliance Requirements Instantly CryptoComply modules are drop-in replacements for the low-level cryptographic libraries underlying TLS/SSL functions. Developers merely have to build their code to point to the CryptoComply APIs, so that the calls made by the TLS/SSL stack code are handled by CryptoComply. Because CryptoComply has already completed FIPS 140-2 validation, products that deploy CryptoComply can accurately claim FIPS 140-2 compliance immediately. Manage Costs and Time FIPS 140-2 validations can take well over a year to complete and costs have escalated dramatically, especially as the number of supported platforms increases. In the dynamic IT security business, these delays and costs can magnify competitive and customer demand pressures. CryptoComply provides instant FIPS 140-2 compliance because the modules have already undergone the validation process. Licensing other third-party modules can cost hundreds of thousands of dollars per year and don’t even include validation. With SafeLogic, customers will enjoy greatly reduced licensing and maintenance costs. Eliminate Wasted Effort Validations on a per product basis wastes time, money and effort. Save valuable resources by incorporating CryptoComply into multiple products or multiple product lines. Moreover, because CryptoComply is centrally maintained by SafeLogic, on-going support costs are greatly reduced and duplication of effort is eliminated. CryptoComply validations support a wide variety of operating system platforms and SafeLogic’s aggressive certification roadmap ensures that as new operating system versions are made available, CryptoComply FIPS 140-2 validations will be kept up-to-date. Maintain Validation Status With FIPS 140-2 validations, any changes to a traditional module may force re-validation. Additional platform support may also require a re-validation. Discovered vulnerabilities in the module code could force a re-validation. CryptoComply contains only the core cryptographic functions, ensuring that only the most critical, security-relevant changes will necessitate re-validation. While CryptoComply has been designed to isolate the validation to only the key functions, SafeLogic will continue to stringently maintain validations to support technology changes and new security threats.