VIEW FIPS

Penumbra Security is accredited by the National Institute of Standards and Technology (NIST), National Voluntary Laboratory Accreditation Program (NVLAP Laboratory Code 200983) for test methods for FIPS 140-2 Levels 1-4, Security Requirements for Cryptographic Modules, and for testing of Approved security functions.

FIPS 140-2 is the primary standard used by organizations, including Federal Agencies, who implement cryptographic-based security systems that provide protection for sensitive or valuable data. A FIPS 140-2 certification assures that a module meets one of four levels of security requirements. Certification opens the door for a module to be used by both the government and regulated industries that handle sensitive information. All validations to FIPS 140-2 are conducted under the NIST developed Cryptographic Module Validation Program (CMVP). Penumbra also offers evaluations to the ISO/IEC 19790 second edition 2012 08 15 Information technology – Security techniques – Security requirements for cryptographic modules.

VIEW POSTAL

Penumbra Security is the world leader in postal evidencing system (PES) evaluations. They serve the worldwide posts in helping protect the billions of dollars in revenue dispensed in the form of digital indicia by ensuring compliance to the various postal security standards such as: Information Based Indicia Program (IBIP) International Postal Meter Approval Requirements (IPMAR) Intelligent Mail Indicia Performance Criteria (IMI-PC) FRANKIT Admission Requirements NETSET2.

We are a USPS approved Advanced PES Testing Entity (APTE) and the only approved security laboratory that serves all the major postal programs, including: the United States Postal Service (USPS), Canada Post Corporation (CPC), United Kingdom Royal Mail, Deutsche Post A.G. (DPAG), Ireland An-Post. Critical aspects of PES testing and evaluation focus on: Revenue Protection Cryptography Physical Security Regulatory Compliance Infrastructure and System Security.

VIEW PEN TESTING

Penumbra Security Penetration (PEN) Testing experts provide: Network Security Architecture Review Network PEN Tests and Security Assessments Web Application PEN Tests and Vulnerability Analysis Wireless Network Assessments Source Code Review

As a security laboratory we can provide a complete risk analysis tailored around your specific needs. Critical benefits of a PEN testing and evaluation engagement are: PCI DSS or other regulatory compliance Ranked list of vulnerabilities inherent in the IT infrastructure Ranked list of vulnerabilities inherent within the organization’s web front or web application Reduction of network downtime Preservation of company image Quality Assurance Justification of security expenditure Better understanding of the current threats and the organizations risk exposure

VIEW PIV

The data contained within smartcards is often personal and/or critical and so there are a wide number of organizations that are involved in creating national & international standards. FIPS 201 provides an outline of the standards needed for the evaluations in order to achieve PIV certification. Many of these standards are set or developed by the ISO/IEC group while ANSI recommends specific standards for the needs of the U.S. and supervises their development. Penumbra Security provides the following services: Plastic Card & Smartcard durability testing as required by the PIV & CAC programs Printer Station durability testing Guidance for achieving product durability certification FIPS 201-1, ANSI 322, ISO/IEC 7810/7811/7816/10373/14443

Testing often involves analysis of the smartcard's physical characteristics and durability testing such as: Abrasion Testing (Barcode, Magnetic Stripe & Image) Delamination Testing Flex Stress (ANSI & ISO) Impact Resistance UV & Daylight Exposure Temperature & Humidity Exposure

VIEW SECURITY

Penumbra Security Information Security Engineers provide: • Infrastructure Security Architecture Review • Network Vulnerability Assessments • Physical Security Analysis • Quality Assurance Assessments We provide infrastructure security audits to meet various industry standards and requirements such as ISO/IEC 27002 (ISO/IEC 17799) and Bundesamt fur Sicherheit in der Informationstechnik (BSI - IT Baseline Protection Manual) • Postal Regulatory Compliance • PCI DSS or other regulatory compliance • Ranked list of vulnerabilities inherent in the IT infrastructure • Quality Assurance • Justification of security expenditure • Better understanding of the current threats and the organizations risk exposure • Yard stick that determines the adequacy of the existence, implementation and practice of an organizations policies and procedures • Adequacies of services provided by third-parties

VIEW COMPANY

Penumbra Security was formed in 2011 as a vehicle to provide Information Security consulting, testing and evaluation services to companies seeking standards compliance. Based on the central coast of California, Penumbra's team of Information Security professionals have a vast experience in a wide range of environments. In 2012 Penumbra Security received its NVLAP accreditation (Laboratory Code 200983) for test methods for FIPS 140-2 Levels 1-4, Security Requirements for Cryptographic Modules, and for testing of Approved security functions. Penumbra has developed a Postal Systems Evaluation Program from their extensive experience in this field. This experience includes aiding in the development of standards such as the International Postal Meter Approval Requirements (IPMAR), Information Based Indicia Program (IBIP) and the Intelligent Mail Indicia Performance Criteria (IMI PC). Our staff has been an integral part of the postal testing and evaluations program and its improvement over the past 10 years. Penumbra's professional security engineering team conducts domestic and international security assessments on products and networks for compliance to multiple accepted worldwide security standards that included FIPS 140-2, IPMAR, FRANKIT, IBIP, ISO and ANSI. Our staff has a variety of specialty training including: physical security, non-invasive security, such as, Simple and Differential Power Analysis (SPA/DPA) and Penetration testing to name a few.

Penumbra Security provides expert security and technical services to commercial and government entities. They offer Information Security conformance testing and other evaluation services as well as providing consulting and standards authoring. They also offer additional services such as penetration testing, application vulnerability assessments, physical security, SPA/DPA and network security audits. Specializing in the following product classes: Cryptographic Modules Postal Security Devices (PSD) Hardware Security Modules (HSM) Postage Evidencing Systems (PES) Voting Systems Networking Equipment and Computer Systems High Trust Software Secure Integrated Circuits Smartcards Point of Sale Terminals.

C
A
R
E
E
R
S

If you're looking for full-time post college opportunities, you’ve found the right spot. Our full-time offerings cover a wide range of disciplines. We're always on the lookout for talented graduates from various education fields. If you're looking for short-term pre-graduate opportunities, a great place to start is with Penumbra’s internship programs. Through our internship programs you’ll explore opportunities and gain valuable experience. We foster your professional network allowing you to make connections that can lead to full-time employment. We develop programs and policies to support our employees' work-life integration, and provide a stimulating and inclusive work environment to foster their development. Penumbra Security is an equal opportunity employer with a commitment to diversity. All individuals, regardless of personal characteristics, are encouraged to apply. If this is what you are looking for, please call us on 805-226-7628