Iain Holness, Security Engineer, Cygnacom Solutions. Both ISO 19790 and Common Criteria require a stable, solid cryptographic module with at least a minimal set of capabilities or features. This presentation deals with: the pros and cons of selecting an existing stable module or building your own, keeping up to date on possible issues (CERT advisories, security websites, and Search Engines), and maintaining disclosure to customers on issues affecting your product(s). A historical analysis for FIPS and CC will also be provided surrounding these processes. Insights into each topic will be provided from the presenter’s background and experience with multiple crypto modules and products from FIPS Levels 1 to 3 and CC evaluations that have been PP-based and EAL-based.