New security standard for federal agencies effective in November. (News Briefs).Computer security experts at the National Institute of Standards and Technology National Institute of Standards and Technology, governmental agency within the U.S. Dept. of Commerce with the mission of "working with industry to develop and apply technology, measurements, and standards" in the national interest. have developed a new standard for information scrambling products used by civilian federal agencies. The standard, NIST (National Institute of Standards & Technology, Washington, DC, www.nist.gov) The standards-defining agency of the U.S. government, formerly the National Bureau of Standards. It is one of three agencies that fall under the Technology Administration (www.technology. Federal Information Processing Standard Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States Federal government for use by all non-military government agencies and by government contractors. 140-2, Security Requirements for Cryptographic Modules, becomes effective November 25, 2001. Computer security products used by agencies for sensitive, unclassified information must be certified under the new FIPS (Federal Information Processing Standards) A series of publications issed by the U.S. National Institute of Standards and Technology (NIST) that specifies information security guidelines for federal government departments and agencies. standard. It replaces a standard, 140-1, that had been in place since 1994. Accredited accredited recognition by an appropriate authority that the performance of a particular institution has satisfied a prestated set of criteria. accredited herds cattle herds which have achieved a low level of reactors to, e.g. private sector laboratories have tested and validated more than 150 cryptographic modules as conforming to the existing standard. Indeed, the list is a "who's who" of cryptographic and information technology vendors and developers from the United States, Canada, and abroad. The list contains a complete range of security levels and a broad spectrum of product types including secure radios, Internet browsers, VPN devices, PC postage equipment, cryptographic accelerators, and others. Vendors who plan to sell security equipment to the federal government submit their products and systems to the Cryptographic Module Validation Program The Cryptographic Module Validation Program (CMVP) is a joint American and Canadian security accreditation program for cryptographic modules. The program is available to any vendors who seek to have their products certified for use by the U.S. . The CMVP is a joint program between NIST and its Canadian counterpart, the Communications Security Establishment Noun 1. Communications Security Establishment - Canadian agency that gathers communications intelligence and assist law enforcement and security agencies CSE international intelligence agency - an intelligence agency outside the United States . Before the launch of the testing program in 1995, there was no generally accepted way to test cryptographic modules. The cryptographic modules may be any combination of hardware, software and firmware. While the government agencies oversee the program, all of the nuts-and-bolts testing is done by private, accredited laboratories in the United States and Canada. The program tests ensure that a product meets federal standards. Federal agencies are currently required to use FIPS 140-1 when purchasing cryptographic products intended to protect information. Additionally, the standards are used in the private sector as well, particularly in the financial services industry. Detailed information about the new standard is available at http://www.nist.gov/fips 140-2. Media Contact: Philip Bulman, (301) 975-5661; philip. bulman@nist.gov. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion