January 28, 2011

NIST draft SPs on Cloud Computing

I check the NIST Special Publications 800 Series on a regular basis so you don't have to.  A couple of interesting drafts hit the website today:

  • SP 800-145:  DRAFT A NIST Definition of Cloud Computing
  • SP 800-144:  DRAFT Guidelines on Security and Privacy in Public Cloud Computing
If you would like to provide feedback to NIST on the above documents, do so before February 28, 2011.  For more details, visit the NIST website using the link above.

January 20, 2011

NIST SP 800-131A Released

JUST RELEASED:  NIST Special Publication 800-131A - "Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths"

SP 800-131A addresses the use of algorithms and key lengths used by Federal government agencies for the protection of sensitive but unclassified information.

Another Special Publication is expected soon:  SP 800-131B.  This SP will address the validation of FIPS 140-2 cryptographic modules that utilize the algorithms and keys detailed in SP 800-131A.

A big "Thank You!" to Elaine and Allen for incorporating the feedback from Federal Customers, Vendors, and Labs into the final version.

January 19, 2011

No More Posting of Individual FIPS 140-2 Certificates


As of January 5, 2011, the CMVP will no longer print, sign, or post individual FIPS 140-2 certificates. Instead a consolidated validation certificate is auto-generated that will reference a collection of individual module validations. This will be generated and signed by the NIST and CSEC signatories on a periodic basis. The consolidated certificate will then be posted on the NIST CMVP web site to provide traceability to the signatories.
This more streamlined process should allow for much faster website postings during the "Finalization" phase of the FIPS validation process.

January 14, 2011

2010 Was a Record Year for the CMVP

The CMVP had a record year of 229 FIPS 140-2 Certificates in 2010.  InfoGard Laboratories performed 34% of the total (78).

2010 Percentage of FIPS 140-2 Certificates by Lab


January 13, 2011

InfoGard at RSA Conference

InfoGard will be at Booth #650 at the RSA Conference in San Francisco, CA February 14-17, 2011.  Please stop by to see us.

FIPS 140-2 Implementation Guidance Updated

The FIPS 140-2 Implementation Guidance was updated on December 23, 2010:

New Guidance
                        12/23/10: 1.16 Software Module
                        12/23/10: 1.17 Firmware Module
                        12/23/10: 2.1 Trusted Path
                        12/23/10: 5.5 Physical Security Level 3 Augmented with EFP/EFT
                        12/23/10: 9.7 Software/Firmware Load Test
                        12/23/10: 14.5 Critical Security Parameters for the SP 800-90 DRBGs
                         
Modified Guidance
                        12/23/10: 9.6 Self-Tests When Implementing the SP 800-56A Schemes – Requirements changed.

CISSPs at InfoGard

Six more InfoGard Security Engineers passed the CISSP exam in late 2010.  That brings the total CISSPs at InfoGard to 14!  That sets a record for any FIPS Lab.

Congrats to Annie, Marc, Adam, Kenji, Ryan, and Steve!

New FIPS Lab

CGI in Canada became accredited by NIST this month to perform FIPS 140-2 validations.  That brings the total number of Labs to 20 (11 of the 20 are in the US).

The complete list of Labs is available here:  http://csrc.nist.gov/groups/STM/testing_labs/index.html

InfoGard wishes CGI all the best!