Product Compliance

The Leidos Accredited Testing & Evaluation Laboratory (AT&E) is comprised of two industry leading laboratories accredited (Common Criteria, FIPS 140-2) by National Voluntary Laboratory Accreditation Program (NVLAP Lab Code: 200427-0) to provide IT security evaluation and testing services for commercial companies to meet their federal and international sales acquisition requirements. Our labs have in aggregate certified more than 1000 commercial products. Learn more about our offerings below.


Accredited Testing & Evaluation of COTS Products

Common Criteria

Common Criteria certification is a DoD/NSS/Public sector international acquisition requirement in 28 nations. Commercial product vendors are required to certify their products before being sold and deployed in these target environments. The Leidos Common Criteria lab has been vetted by the US Government to conduct these IT security evaluations. Leidos Common Criteria Lab is the US industry leader having historically completed the most certifications. The lab’s technical proficiency has been recognized by its customer base and the government validators and as such Leidos has been chosen to conduct the most challenging of certification efforts. In addition to its industry leading technical ability, the key differentiator for the Leidos Common Criteria lab is its size which allows it to concurrently process multiple commercial client certification requirements allowing Vendors to get their products to market in the most time and cost effective manner.

Visit the Common Criteria Portal »

FIPS 140-2

FIPS 140-2

Federal Information Processing Standard (FIPS) Publication 140-2 is a DoD/NSS/Public sector acquisition requirement. Similar to Common Criteria (above), Commercial product vendors are required to certify their products’ cryptographic modules (software, hardware, and/or firmware) before being sold and deployed in these target environments. In most cases, a FIPS 140-2 certificate is required to qualify for US Federal RFPs. The Leidos FIPS 140-2 lab has been vetted by the US Government to conduct these IT security evaluations and is an industry leader having completed the most certifications in recent years.

Visit the Cryptographic Module Validation Program»



The Federal Information Processing Standard (FIPS) Publication 201 specifies that Personal Identify Verification (PIV) requirements are necessary for Federal employees and contractors and details those specifications. In addition to our Common Criteria and FIPS 140-2 services, we provide a complete range of PIV testing and support services to test PIV Middleware and Card Applications against the requirements defined by GSA's FIPS 201 Evaluation Program (EP) and NIST Personal Identity Verification Program (NPIVP).

Secure Content Automation Protocol (SCAP)

The Secure Content Automation Protocol (SCAP) tests and monitors systems for security issues such as software deficiencies, configuration issues and other vulnerabilities. SCAP testing helps to ensure that a computer's configuration is within the guidelines set by the Federal Desktop Core Configuration, a group of security-sensitive configuration settings developed by the National Voluntary Laboratory Accreditation Program (NVLAP) and the National Security Agency. Leidos is accredited to perform SCAP Validations and was the first lab to certify a product against the current v1.2 of the Standard.

Transportation Worker Identification Credential

Transportation Worker Identification Credential (TWIC)

Leidos provides a complete range of Transportation Worker Identification Credential (TWIC) testing and support services to undergo Transportation Security Administration (TSA) Qualified Technology List (QTL) Program testing. These services include Card Reader Evaluations (conformance to the TWIC reader specification), Product Testing (operation, compatibility, electrical, safety), and related Consulting.

3rd Party Customized Consulting

3rd Party Customized Consulting

Leidos AT&E lab is not restricted to solely perform the activities of its accreditations as detailed above. In the spirit of client partnership the lab has successfully leveraged the disciplines of the accreditations themselves; from Common Criteria based life-cycle audits, Common Criteria based vulnerability and pen testing activities, to FIPS 140-2 based Suite-B algorithm testing and FIPS 140-2 source code review to create customized deliverables that meet our clients unique business needs. A strong technical assessment based upon industry accepted standards coupled with the industry leading Leidos brand has been well received for our client’s unique needs. We will be happy to create a new deliverable that meets your unique requirements.


Want to know more?
We'll put you in touch with a cyber expert.