January 28, 2011

NIST draft SPs on Cloud Computing

I check the NIST Special Publications 800 Series on a regular basis so you don't have to.  A couple of interesting drafts hit the website today:

  • SP 800-145:  DRAFT A NIST Definition of Cloud Computing
  • SP 800-144:  DRAFT Guidelines on Security and Privacy in Public Cloud Computing

If you would like to provide feedback to NIST on the above documents, do so before February 28, 2011.  For more details, visit the NIST website using the link above.

January 20, 2011

NIST SP 800-131A Released

JUST RELEASED:  NIST Special Publication 800-131A - "Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths"

SP 800-131A addresses the algorithms and key lengths used by Federal government agencies for the protection of sensitive but unclassified information.

Another Special Publication is expected soon:  SP 800-131B.  This SP will address the validation of FIPS 140-2 cryptographic modules that utilize the algorithms and keys detailed in SP 800-131A.

A big "Thank You!" to Elaine and Allen for incorporating the feedback from Federal Customers, Vendors, and Labs into the final version.

January 19, 2011

No More Posting of Individual FIPS 140-2 Certificates


As of January 5, 2011, the CMVP will no longer print, sign, or post individual FIPS 140-2 certificates. Instead, a consolidated validation certificate is auto-generated that references a collection of individual module validations. It will be generated and signed by the NIST and CSEC signatories on a periodic basis. The consolidated certificate will then be posted on the NIST CMVP web site to provide traceability to the signatories.

This more streamlined process should allow for much faster website postings during the "Finalization" phase of the FIPS validation process.

January 14, 2011

2010 Was a Record Year for the CMVP

The CMVP had a record year of 229 FIPS 140-2 Certificates in 2010.  InfoGard Laboratories performed 34% of the total (78).

[Chart: 2010 Percentage of FIPS 140-2 Certificates by Lab]


January 13, 2011

InfoGard at RSA Conference

InfoGard will be at Booth #650 at the RSA Conference in San Francisco, CA February 14-17, 2011.  Please stop by to see us.

FIPS 140-2 Implementation Guidance Updated

The FIPS 140-2 Implementation Guidance was updated on December 23, 2010:

New Guidance

  • 12/23/10: 1.16 Software Module
  • 12/23/10: 1.17 Firmware Module
  • 12/23/10: 2.1 Trusted Path
  • 12/23/10: 5.5 Physical Security Level 3 Augmented with EFP/EFT
  • 12/23/10: 9.7 Software/Firmware Load Test
  • 12/23/10: 14.5 Critical Security Parameters for the SP 800-90 DRBGs

Modified Guidance

  • 12/23/10: 9.6 Self-Tests When Implementing the SP 800-56A Schemes – Requirements changed.

CISSPs at InfoGard

Six more InfoGard Security Engineers passed the CISSP exam in late 2010.  That brings the total CISSPs at InfoGard to 14!  That sets a record for any FIPS Lab.

Congrats to Annie, Marc, Adam, Kenji, Ryan, and Steve!

New FIPS Lab

CGI in Canada became accredited by NIST this month to perform FIPS 140-2 validations.  That brings the total number of Labs to 20 (11 of the 20 are in the US).

The complete list of Labs is available here:  http://csrc.nist.gov/groups/STM/testing_labs/index.html

InfoGard wishes CGI all the best!