How can I help?
I started FIPS Outside to bridge the gap between regulation and implementation. I provide engineering-focused consulting for FIPS and US Federal Cryptographic Compliance programs.
FIPS 140-3 is a highly complicated standard with many regulatory requirements that do not cleanly map to practical implementation details. Without technical expertise, a FIPS consultant may leave your engineering team scratching their heads when it comes time to build out your FIPS-compliant solution.
I bring years of practical experience in highly technical FIPS integrations, and aim to help your team achieve its regulatory, engineering, and business goals.
Why Me?
By working with FIPS Outside, your organization will benefit from my years of experience in the FIPS industry, and have access to a wide palette of both technical and regulatory experience.
As an individual outside consultant, it is my aim to serve as an extension of your team - my only vested interest is your success.
An Engineer at Heart
First and foremost, I am an engineer. I have worked on countless FIPS integrations across a multitude of tech stacks. I can work directly with your engineering team to identify compliant solutions and avoid technical pitfalls in a way that a non-technical consultant simply cannot.
FIPS compliance sits at the intersection of complex regulatory issues and highly technical systems. To avoid costly setbacks and redesigns, I will work with your team to ensure that your engineering decisions are compatible with your compliance requirements.
A FIPS and Cryptography Geek
A FIPS expert needs to know the ins and outs of FIPS regulations, cryptosystem design considerations, and all of the processes and procedures for working through a FIPS validation.
I have worked on many validations in close conjunction with multiple FIPS laboratories and vendors, analyzed product architectures and cryptosystems for compliance gaps, and performed algorithm and functional testing for a multitude of validation efforts.
Nothing to Sell You
As a solo consultant, I can only sell you my time and expertise – that’s a good thing.
There are many ways you can pursue FIPS compliance – large consulting firms, pre-validated software, open-source projects, or entirely in-house. Each of these approaches has its benefits and drawbacks, but without a neutral third party you may hear a lot more about the upsides than the downsides.
My goal is to learn your individual needs inside-and-out, and help you find the solution that truly meets your organization’s needs.
Services
Ongoing Consulting
By engaging my services for the long term, you get all of the benefits of an in-house FIPS expert without investing in a full-time hire. My services are available on retainer, so you can be assured you’ll have first-priority access to FIPS knowledge and expertise exactly when you need it.
Market and Solutions Analysis
There are many options to achieve FIPS compliance – and most of them cost six figures.
I’ll help to evaluate your needs, review the market for solutions, and deliver a detailed analysis of all available options.
I can also assist in preparing RFPs and lead sales calls with solution providers to advocate for your needs and provide an unbiased evaluation of the solution offered.
Compliance Project Management
A FIPS compliance and validation project has a lot of moving parts: there’s compliance and cryptosystem analysis, technical integration, coordination with FIPS laboratories, algorithm and functional testing, and a host of other small details.
I’m available on a per-project basis to manage your overall compliance effort if you need an expert to focus your efforts and let your team members work undistracted in their own areas of expertise.
Algorithm and Functional Testing Support
FIPS and other government compliance programs often require a battery of testing against your product and operating environment to demonstrate correct operation.
I can provide support for your testing effort by coordinating with FIPS Laboratories, working with your engineering team to establish correct testing procedures, and directly performing testing on your product in support of your compliance needs.
Compliance Gap Analysis
You’re halfway into a contract opportunity and the dreaded question comes up: “You’re FIPS compliant, right?” You can sort through dozens of documents and standards and never find out what that means for YOUR product.
I’ll work with your engineering team to analyze your current cryptosystem and tech stack, identify all of the places where FIPS compliance is required, and help you create an actionable plan to reach your compliance requirements.
FIPS Crash Courses
Working through FIPS compliance and validation often involves nearly every part of your product team. When your organization has a baseline of FIPS knowledge, you can be assured that all of your team’s efforts are moving in the right direction towards a common goal.
I can lead a seminar with your team to establish this baseline of organizational knowledge, providing targeted information that is specifically relevant to your team members and compliance needs, while leaving out the firehose of detail that’s not applicable to your use case.