NIST Marks Computer Security Milestone

The Cryptographic Module Validation Program run by the U.S. and Canadian governments achieved a significant milestone today as it issued the program's 50th certificate. This certificate was issued to RSA Data Security Inc. for its BSAFE Crypto-C development product. The product has been validated successfully as meeting the requirements of Federal Information Processing Standard (abbreviated FIPS) 140-1, Security Requirements for Cryptographic Modules.

According to Ray Snouffer, National Institute of Standards and Technology program manager for FIPS 140-1, "The addition of RSA broadens the availability of validated encryption software. The FIPS 140-1 Cryptographic Module Validation Program is a critical element in providing federal departments and agencies with tested cryptographic products and applications."

Validation testing for the BSAFE Crypto-C development product was performed by CygnaCom Solutions of McLean, Va.

The FIPS 140-1 Validated Modules List is quickly becoming a "who's who" of cryptographic and information technology vendors and developers from the United States, Canada and abroad. The list contains a complete range of security levels and a broad spectrum of product types, including secure radios, Internet browsers, VPN devices, PC Postage equipment, cryptographic accelerators, secure tokens and others.

The CMVP is a joint program between the United States and Canada and is managed by NIST and its Canadian counterpart, Communications Security Establishment. Prior to the launch of the testing program in 1995, there was no generally accepted way to test cryptographic products and systems.

A growing number of computer products and systems now use some form of encryption to protect information. The testing program helps consumers, businesses and government agencies make objective purchasing decisions about a variety of cryptographic modules/products. Cryptographic modules may be any combination of hardware, software and firmware.

While the government agencies oversee the program, all of the nuts-and-bolts testing is done by private, accredited laboratories in the United States and Canada. The program tests ensure that a product meets federal standards. Federal agencies are required to use FIPS 140-1 when purchasing cryptographic products intended to protect unclassified (sensitive) information. Additionally, the standard is used in the private sector as well, particularly in the financial services industry.

NIST, an agency of the U.S. Department of Commerce's Technology Administration, NIST promotes economic growth by working with industry to develop and apply technology, measurements and standards through four partnerships: the Measurement and Standards Laboratories, the Advanced Technology Program, the Manufacturing Extension Partnership and the Baldrige National Quality Program.