Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security and Confidence in IT Products

Published

Author(s)

E Roback

Abstract

Federal organizations need to have an appropriate level of confidence that the security features of IT products work as intended and meet security specifications. The basis for having such confidence is through security assurance. Products with an appropriate degree of assurance contribute to the security and assurance of the system as a whole and thus should be an important factor in IT procurement decisions. NIST helps agencies obtain security assurance in products through two programs for product evaluation and testing -- the National Information Assurance Partnership (NIAP)'s Common Criteria Evaluation and Validation Scheme and the Cryptographic Module Validation Program (CMVP). Both programs use accredited private sector laboratories to conduct the actual testing and issue government certificates upon successful completion of testing. The NIAP's evaluation program focuses on evaluations of against a set of security specifications drawn from the Common Criteria (ISO 15408). Testing under CMVP this program helps provide customers with assurance: 1) that a cryptographic module meets one of the four security specification levels of Federal Information Processing Standard (FIPS) 140-1, Security Requirements for Cryptographic Modules and 2) that the FIPS-approved algorithms (e.g., for encryption or digital signatures) are correctly implemented. Both programs help agencies have confidence in the security aspects of the IT products they use.
Citation
Government Computer News

Keywords

computer security, security assurance, security testing

Citation

Roback, E. (2000), Security and Confidence in IT Products, Government Computer News (Accessed October 4, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created April 1, 2000, Updated February 17, 2017