Membership Login FR

 

 

THE TRANSPARENCY CENTRE: OPENNESS AND COLLABORATION.

 

CyberNB has partnered with Lightship Security, an industry leader in testing and certification, to create a single destination to evaluate and certify your technology and openly share results. With tests such as product validation and perimeter stress tests, as well as business practice certifications, vendors can demonstrate to partners worldwide that their product is secure, while supply chain managers can have confidence
in their suppliers’ resilience, security and compliance. 

 

 

 

 

 

VENDOR ORGANIZATIONS

 

Prove to customers, partners and stakeholders your product meets 
the latest standards in security and resilience.

 

Trust and Compliance Icon

Increase Exposure

 

Demonstrate to a global cybersecurity and industry audience that your product is ready for prime time.

 

 

Increase Trust

 

Demonstrate to the industry that your product can be trusted, and was built according to secure-by-design principles.

 

 

 

Trust and Compliance Icon

Validation Testing

 

Demonstrate to potential clients that your product has been validated against the highest industry standards.

 

 

 

 

Get Started

 

 

 

 

 

 

SUPPLY CHAIN MANAGERS

 

Peace of mind that the links in your supply chain are up to the highest 
cybersecurity and business standards.  
 

Trust and Compliance Icon

Monitor Compliance

 

Ensure vendors in your supply chain follow
the best business practices to protect the security of your perimeter.

 

 

Validate Vendor Products

 

Ensure vendor products are validated to all industry standards so that security is baked
into all products in your build.

 

 

 

Trust and Compliance Icon

Verify Resilience

 

Ensure vendor products are stress-tested
against today’s cyber threats to guarantee
the resilience of your build.

 

 

 

 

 

 

TRANSPARENCY CENTRE DASHBOARD

 

Making technology solutions more transparent. Through collaboration with an

experienced testing body partner, we test, validate and freely share results.

 

 

 

 

 

 

 

WHAT’S INCLUDED IN THE TRANSPARENCY CENTRE

 

The most current, respected product validation testing, perimeter stress

testing and business practice certifications.

 

 

 

PRODUCT VALIDATION TESTING

 

 

Cryptographic Algorithm Validation Program CAVP

 

The NIST Cryptographic Algorithm Validation Program (CAVP) provides validation testing of Approved (i.e., FIPS-approved and NIST-recommended) cryptographic algorithms and their individual components. Cryptographic algorithm validation is a prerequisite of cryptographic module validation.
 

 

 

 

 

 

 

 

 

 

 

 

 

Full Common Criteria Testing
 

The formal evaluation occurs under the Canadian Common Criteria Scheme which issues your certificate. The same team that performs the FGA also performs the evaluation so, by this phase, they are very familiar with your product and can expedite the formal testing process.
 

 

 

 

 

 

Cryptographic Module
Validation Program FIPS 140-3

 

The Cryptographic Module Validation Program (CMVP) is a joint effort between the National Institute of Standards and Technology under the Department of Commerce and the Canadian Centre for Cyber Security, a branch of the Communications Security Establishment. The goal of the CMVP is to promote the use of validated cryptographic modules and provide federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules.

 

 

 

 

 

 

PERIMETER STRESS TESTING

Passion icon

Vulnerability Scan

 

Standardized vulnerability assessments

(manual and automated) targeting typical

use cases.

 

 

Evolution icon

Penetration Testing

 

Standardized penetration testing

engagement, including source code review (dynamic/static).

 

 

 

BUSINESS PRACTICE CERTIFICATIONS

 

 

 

CyberSecure Canada

 

CyberSecure Canada is the official Canadian cybersecurity certification program developed and launched by the Federal Government of Canada. It is a voluntary cybersecurity certification designed to improve Canadian small and medium sized organization's cybersecurity baseline, raise awareness and educate all Canadians about cybersecurity, and increase consumer confidence in the digital economy of Canada. It is based on 13 control areas detailed in the Baseline Cyber Security Controls for Small and Medium Organizations, written and developed by the Canadian Centre for Cyber Security.

 

 

 

 

 

 

 

 

 

 

 

Cybersecurity Maturity Model Certification

 

The Cybersecurity Maturity Model Certification (CMMC) is a mandatory certification program developed by the United States (US) Department of Defense (DoD). CMMC reviews and combines various cybersecurity standards and best practices and maps these controls and processes across several maturity levels that range from basic cyber hygiene to advanced. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats. The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements. It is a requirement for all organizations that wish to do business with the US DoD.

 

 

 

 

 

Privacy Impact Assessment

 

A privacy impact assessment (PIA) is a process used to determine how a program or service could affect the privacy of an individual. It can also help to avoid or lessen possible negative effects on privacy that might result from a program or service. Also, a PIA is a way for the federal government to state its commitment to protect the privacy of individuals. PIAs promote transparency and accountability and contribute to continued public confidence in the way the government manages personal information.
 

 

 

 

 

 

ABOUT LIGHTSHIP SECURITY

 

Evaluate and certify your product at the speed of development. 

 

Lightship Security is an accredited cyber test laboratory that specializes in accelerating product security certifications for governments and industry. We use our industry-leading test automation platform that codifies our extensive experience to drive certification results for speed, thoroughness and quality that previously hasn’t been possible.
Lightship Security is an ISO/IEC 17025 accredited Information Technology Security Evaluation and Testing (ITSET) laboratory. We are one of the fastest growing test labs in North America.  Standards based product certification services and solutions are our core business.

 

Learn More
 

 

 

 

 

 

 

Ready to get started with the Transparency Centre? Contact us today.

 

Get Started

 

 

 

 

TRANSPARENCY CENTRE DEVICE/SOFTWARE TESTS

 

 

 

 

Product Validation & Penetration Tests

 

Test: Certifying cryptographic algorithms through NIST CAVP program

 

Typical duration: Typically 2 weeks

 

Fee: Contact us for scoping and pricing.

Test: Non formal conformance testing to prepare for certification against ISO15408

 

Typical duration: 2-4 weeks

 

Fee: Contact us for scoping and pricing.

Test: Formal evaluation of a product against ISO15408 Common Criteria through CSE

 

Typical duration: 6-9 Months

 

Fee: Contact us for scoping and pricing.

Test: Standardized vulnerability assessments (manual and automated) targeting typical use cases

 

Typical duration: TBD depending on scope and assurance level. Generally, less than 4 weeks for standard assessment

 

Fee: Contact us for scoping and pricing.

Test: Gap assessment and consulting workshop to prepare a vendor for a formal FIPS 140-3 (ISO19790) validation process through NIST / CSE

 

Typical duration: 2 days (remote or in person)

 

Fee: Contact us for scoping and pricing.

Test: Full formal validation process to achieve a FIPS 140-3 (ISO19790) module validation

 

Typical duration: 3-4 months testing
9-12 months total to certification including government review

 

Fee: Contact us for scoping and pricing.

Test: Standardized penetration testing engagement  -  including source code review (dynamic / static)

 

Typical duration: TBD depending on scope and assurance level. Generally 2-3 weeks for standard assessment

 

Fee: Contact us for scoping and pricing.

 

 

 

 

 

Business Practices Certifications

 

Duration:1-3 Months

 

Registration costs: $350.00 CAD Plus tax

 

Review costs (Third Party): ESTIMATION $1,500 to $3,500 CAD plus tax

Duration: 1-3 Months

 

Registration costs: $350.00 CAD Plus tax

 

Review costs (Third Party): TBD

 

 

 

 

 

Contact CyberNB’s Director of Trust & Compliance, Brendan Dunphy, at Brendan.dunphy@cybernb.ca 
to get started with the Transparency Centre today