Full text

The Cryptographic Module Validation Program (CMVP) run by the U.S. and Canadian governments achieved a significant milestone recently as it issued the programs 50th certificate. The 50th certificate was issued to RSA Data Security, Inc., for their BSAFE Crypto-C development product. This product has been validated successfully as meeting the requirements of Federal Information Processing Standard (FIPS) 140-1, Security Requirements for Cryptographic Modules.

The FIPS 140-1 Validated Modules List is quickly becoming a whos who of cryptographic and information technology vendors and developers from the United States, Canada, and abroad. The list contains a complete range of security levels and a broad spectrum of product types including secure radios, internet browsers, cryptographic accelerators, secure tokens, and others. The recent validations affect federal agencies by further in creasing the number of cryptographic products available for use in securing sensitive information. Approximately 50 new modules are currently in the testing phase of validation.

At the May 1999 Communications Security Establishment (CSE) Computer Security Symposium, two private companies discussed the importance of FIPS 140-1 validation testing, the increases in security from the validation process, and the positive impact that validation had on their marketing efforts.

The CMVP is a joint effort between NIST and CSE, which serve as the validation authorities for the program. Currently, there are three National Voluntary Laboratory Accreditation Program accredited laboratories that test cryptographic modules.

For more information on FIPS 140-1, validated modules, and the accredited laboratories, see the web site at http://csrc.nist.gov/cryptval.

CONTACT: Ray Snouffer, (301) 975-4436; stanley. [email protected].