Membership Login FR








CyberNB has partnered with Lightship Security, an industry leader in testing and certification, to create a single destination to evaluate and certify your technology and openly share results. With tests such as product validation and perimeter stress tests, as well as business practice certifications, vendors can demonstrate to partners worldwide that their product is secure, while supply chain managers can have confidence
in their suppliers’ resilience, security and compliance. 








Prove to customers, partners and stakeholders your product meets 
the latest standards in security and resilience.


Trust and Compliance Icon

Increase Exposure


Demonstrate to a global cybersecurity and industry audience that your product is ready for prime time.



Increase Trust


Demonstrate to the industry that your product can be trusted, and was built according to secure-by-design principles.




Trust and Compliance Icon

Validation Testing


Demonstrate to potential clients that your product has been validated against the highest industry standards.





Get Started









Peace of mind that the links in your supply chain are up to the highest 
cybersecurity and business standards.  

Trust and Compliance Icon

Monitor Compliance


Ensure vendors in your supply chain follow
the best business practices to protect the security of your perimeter.



Validate Vendor Products


Ensure vendor products are validated to all industry standards so that security is baked
into all products in your build.




Trust and Compliance Icon

Verify Resilience


Ensure vendor products are stress-tested
against today’s cyber threats to guarantee
the resilience of your build.









Making technology solutions more transparent. Through collaboration with an

experienced testing body partner, we test, validate and freely share results.












The most current, respected product validation testing, perimeter stress

testing and business practice certifications.







Cryptographic Algorithm Validation Program CAVP


The NIST Cryptographic Algorithm Validation Program (CAVP) provides validation testing of Approved (i.e., FIPS-approved and NIST-recommended) cryptographic algorithms and their individual components. Cryptographic algorithm validation is a prerequisite of cryptographic module validation.













Full Common Criteria Testing

The formal evaluation occurs under the Canadian Common Criteria Scheme which issues your certificate. The same team that performs the FGA also performs the evaluation so, by this phase, they are very familiar with your product and can expedite the formal testing process.






Cryptographic Module
Validation Program FIPS 140-3


The Cryptographic Module Validation Program (CMVP) is a joint effort between the National Institute of Standards and Technology under the Department of Commerce and the Canadian Centre for Cyber Security, a branch of the Communications Security Establishment. The goal of the CMVP is to promote the use of validated cryptographic modules and provide federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules.








Passion icon

Vulnerability Scan


Standardized vulnerability assessments

(manual and automated) targeting typical

use cases.



Evolution icon

Penetration Testing


Standardized penetration testing

engagement, including source code review (dynamic/static).








CyberSecure Canada


CyberSecure Canada is the official Canadian cybersecurity certification program developed and launched by the Federal Government of Canada. It is a voluntary cybersecurity certification designed to improve Canadian small and medium sized organization's cybersecurity baseline, raise awareness and educate all Canadians about cybersecurity, and increase consumer confidence in the digital economy of Canada. It is based on 13 control areas detailed in the Baseline Cyber Security Controls for Small and Medium Organizations, written and developed by the Canadian Centre for Cyber Security.












Cybersecurity Maturity Model Certification


The Cybersecurity Maturity Model Certification (CMMC) is a mandatory certification program developed by the United States (US) Department of Defense (DoD). CMMC reviews and combines various cybersecurity standards and best practices and maps these controls and processes across several maturity levels that range from basic cyber hygiene to advanced. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats. The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements. It is a requirement for all organizations that wish to do business with the US DoD.






Privacy Impact Assessment


A privacy impact assessment (PIA) is a process used to determine how a program or service could affect the privacy of an individual. It can also help to avoid or lessen possible negative effects on privacy that might result from a program or service. Also, a PIA is a way for the federal government to state its commitment to protect the privacy of individuals. PIAs promote transparency and accountability and contribute to continued public confidence in the way the government manages personal information.








Evaluate and certify your product at the speed of development. 


Lightship Security is an accredited cyber test laboratory that specializes in accelerating product security certifications for governments and industry. We use our industry-leading test automation platform that codifies our extensive experience to drive certification results for speed, thoroughness and quality that previously hasn’t been possible.
Lightship Security is an ISO/IEC 17025 accredited Information Technology Security Evaluation and Testing (ITSET) laboratory. We are one of the fastest growing test labs in North America.  Standards based product certification services and solutions are our core business.


Learn More







Ready to get started with the Transparency Centre? Contact us today.


Get Started










Product Validation & Penetration Tests


Test: Certifying cryptographic algorithms through NIST CAVP program


Typical duration: Typically 2 weeks


Fee: Contact us for scoping and pricing.

Test: Non formal conformance testing to prepare for certification against ISO15408


Typical duration: 2-4 weeks


Fee: Contact us for scoping and pricing.

Test: Formal evaluation of a product against ISO15408 Common Criteria through CSE


Typical duration: 6-9 Months


Fee: Contact us for scoping and pricing.

Test: Standardized vulnerability assessments (manual and automated) targeting typical use cases


Typical duration: TBD depending on scope and assurance level. Generally, less than 4 weeks for standard assessment


Fee: Contact us for scoping and pricing.

Test: Gap assessment and consulting workshop to prepare a vendor for a formal FIPS 140-3 (ISO19790) validation process through NIST / CSE


Typical duration: 2 days (remote or in person)


Fee: Contact us for scoping and pricing.

Test: Full formal validation process to achieve a FIPS 140-3 (ISO19790) module validation


Typical duration: 3-4 months testing
9-12 months total to certification including government review


Fee: Contact us for scoping and pricing.

Test: Standardized penetration testing engagement  -  including source code review (dynamic / static)


Typical duration: TBD depending on scope and assurance level. Generally 2-3 weeks for standard assessment


Fee: Contact us for scoping and pricing.






Business Practices Certifications


Duration:1-3 Months


Registration costs: $350.00 CAD Plus tax


Review costs (Third Party): ESTIMATION $1,500 to $3,500 CAD plus tax

Duration: 1-3 Months


Registration costs: $350.00 CAD Plus tax


Review costs (Third Party): TBD






Contact CyberNB’s Director of Trust & Compliance, Brendan Dunphy, at [email protected] 
to get started with the Transparency Centre today