Realigning (Not Re-inventing!) the Wheel: Applying a Composition Model to FIPS 140-2 Validation (C23b)
Several assurance schemes employ a composition model – combining validated elements into a larger whole – to assurance and validation processes to reduce repetitive work and streamline processes. Current FIPS 140-2 practice permits a module under validation to incorporate existing validated modules by reference, although the guidelines for this are currently not formalized in Implementation Guidance. This presentation reviews existing validations of this type; explores how module vendors or agencies can make use of this practice as it exists today; and posits formal guidelines and extensions for a composition model to benefit validation program stakeholders.