Follow on Google News News By Tag Industry News * Information security * More Industries... News By Location Country(s) Industry News
Follow on Google News | NIST Successfully Slashes FIPS 140-2 Validation Wait Time Down To Record LowsNIST's CMVP has recently been very successful in drastically reducing the government waiting time for products undergoing FIPS 140-2 validation.
By: Basant Elhady A product’s status in the FIPS 140-2 process is made public, with vendor approval, through the CMVP’s Modules In Process List which is updated on a regular basis. The queue for products awaiting government review falls in the Review Pending phase, which marks the point when a validation laboratory has completed testing of the product and has submitted their final report to the CMVP. Products will generally stay in the queue until the government can allocate resources to that validation effort. During the last 13 years, Corsec has aided hundreds of vendors worldwide through the FIPS 140-2 validation process, and has seen the time spent in the Review Pending phase increase to over 6 months in recent years. Due to recent efforts by the CMVP, the number of products waiting in the queue has dropped by 90%, from almost 70 products last September, to only 8. The time waiting in the Review Pending has dropped to only weeks, instead of months. During this time, demand for validations has continued to be high. CMVP’s efforts have been successful at drastically reducing the queue and their commitment to the success of the FIPS 140-2 program is apparent and supported by the industry. “Corsec is very pleased with this momentous achievement for CMVP and for the FIPS 140-2 program,” said Matthew Appler, CEO of Corsec Security. “We look forward to continuing to do our part in assisting both the CMVP and product vendors to move their products through the process more efficiently.” In 1995, the Cryptographic Module Validation Program (CMVP) was established as a joint effort between NIST in the US and CSEC in Canada with the goal of validating cryptographic modules against Federal Information Processing Standards (FIPS), including FIPS 140. Since then, over 1500 modules have been validated against FIPS 140-2 and its predecessor FIPS 140-1. Several government mandates including NSTISSP #11, DoD 8500.2 and NIST SP 800-23, require that agencies purchase products which have undergone FIPS 140-2 as a means of ensuring third party assurance to the cryptographic security functionality of the product. About Corsec Security, Inc. Corsec Security, Inc. specializes in helping companies navigate through the complex process of receiving FIPS 140 and Common Criteria (CC) certifications. Corsec’ # # # Corsec specializes in helping vendors navigate through the complex process of receiving FIPS 140 and Common Criteria certifications. WIth 225+ certifications, our consulting, document creation, and project management services deliver unmatched expertise. End
Account Email Address Account Phone Number Disclaimer Report Abuse
|
|