NIST'S CRYPTOGRAPHIC MODULE VALIDATION PROGRAM ADDS WEB ACCESS FOR SECURITY POLICIES.In April 2001, NIST (National Institute of Standards & Technology, Washington, DC, www.nist.gov) The standards-defining agency of the U.S. government, formerly the National Bureau of Standards. It is one of three agencies that fall under the Technology Administration (www.technology. updated its Cryptographic Module Validation Module (CMVP CMVP Cryptographic Module Validation Program (NIST/CSE) CMVP Certified Measurement and Verification Professional ) web pages to allow convenient user access to all of the Federal Information Processing Standard Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States Federal government for use by all non-military government agencies and by government contractors. (FIPS) 140-1 validated cryptographic module security policies. Making this information available online streamlines and reduces internal workload in fulfilling requests for distribution of non-electronic security policies. A security policy is included in the documentation provided by a vendor for each validated cryptographic module. There are two major reasons for developing and following a precise cryptographic module security policy: * To provide a specification of the cryptographic security that will allow individuals and organizations to determine whether a cryptographic module as implemented satisfies a stated security policy; and * To describe to individuals and organizations the capabilities, protection, and access rights provided by the cryptographic module, thereby allowing an assessment of whether the module will adequately serve the individual or organizational security requirements. The FIPS 140-1 Validated Modules List has become a "Who's Who" of cryptographic and information technology vendors and developers from the U.S., Canada, and abroad. The list contains a complete range of security levels and a broad spectrum of product types, now including PDAs in addition to secure radios, Internet browsers, VPN devices, PC Postage equipment, cryptographic accelerators, and secure tokens. The CMVP is a joint effort between NIST and the Communications Security Establishment Noun 1. Communications Security Establishment - Canadian agency that gathers communications intelligence and assist law enforcement and security agencies CSE international intelligence agency - an intelligence agency outside the United States (CSE (Certified Systems Engineer) See Microsoft certification. ) of the Government of Canada The Government of Canada is the federal government of Canada. The powers and structure of the federal government are set out in the Constitution of Canada. In modern Canadian use, the term "government" (or "federal government") refers broadly to the cabinet of the day and . NIST and CSE serve as the validation authorities for the program. The web site is http://csrc.nist.gov/cryptval. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion