Hi everyone! Thanks for checking out our blog. Today I thought it would be nice to share some of the philosophies on which Acumen Security is built. These philosophies came from our unique experiences on both sides of the table both as a certification lab and as a vender of certified products.
We’re the experts so you don’t have to be!
You don’t need to understand all the nuances and history. You don’t care what requirements looked like five years or why this document was written like this or that. You care about understanding what you need to do to get that checkbox and get your product out into the hands of government customers. Ambiguity is the enemy of efficiency when it comes to certification. We believe it is our responsibility to you as the customer to take the ambiguity out of certification. Now if you want to know all the history of FIPS or CC we can give you that too. We’ve both been in the industry for well over ten years and have either collaborated with or competed against just about everyone in the industry. But we’re guessing you have more important things to do like building world class products!
We will only ask you to do the bare minimum required (although we’ll make sure our recommendations make sense)!
Whether it’s functionality in a product, the dreaded word ‘evidence,’ or even the initial decision to get a product certified, we’re only going to ask you to do what is absolutely necessary. If you believe a full product certification is necessary, but you already incorporate a FIPS certified software module, we’re going to suggest you consider skipping the FIPS certification and concentrate on things that are more productive for you, not necessarily for us. On the flip-side, if you have a product that meets current certification requirements but may not meet fast-approaching requirements (think key size transitions, new functional requirements, etc.), we will suggest that you start the process of roadmapping those features or even delaying the certification so that the effort is more meaningful long term. We’ve planned many certification and feature roadmaps in our years in the industry, we’ll help you do the same. In the end, we are going to do our best to make product certification as easy and meaningful as possible for you.
We will be proactive!
Does this sound familiar to you? You are finalizing the last bit of a certification when you get an email from an evaluator/tester saying that they have found a non-compliance. This can be devastating (and costly) to engineering, release ops, program management, and most importantly your customers that you have promised to deliver certified products. We at Acumen Security understand this pain intimately. To avoid this, we perform thorough assessments early in our engagement. This is not just limited to your product. If a certification requirement does not necessarily make sense for your product, we will work with the certifying agency to ensure we have buy-in for your system up front rather than in the end when failure to get buy-in could mean a six month delay for your certification. We’ll set-up and test your product upfront to ensure that we’re ready to go when you’re ready to ship. In short, we’ll do everything we can to ensure the quickest and least surprising certification possible.
And finally, we’re partners!
In the end, we’re on this journey together. At Acumen Security we absolutely understand that we couldn’t be here without you. We strive to provide you a level of service and value that will allow us to not only partner with you on this certification but also the next and the next after that. Acumen succeeds when you succeed in meeting your certification related procurement needs in the most effective and efficient way possible. Certifications don’t have to be complicated, let us help show you the way!
Well, did these philosophies resonate with you? Let us know if you agree or disagree, give us a call or drop us a note. We are always up for a good discussion! Also, follow us on Twitter and like us on Facebook, we’ll keep you up-to-date on the ever changing world of government certifications.