March 18, 2011

Code Corp. receives FIPS 140-2 certificates for Bar Code Readers

Code Corporation selected InfoGard as their testing laboratory for the following FIPS 140-2 Level 2 Bar Code Readers and Bluetooth Modem:

Cert. #
1509 - CodeXML® FIPS Bluetooth® Modem
1519 - Code Reader 2500 FIPS and Code Reader 3500 FIPS

See Code Corporation's Press Release for more information.  You may select the FIPS Certificate numbers above to visit the NIST website postings for these devices.

Congratulations on a successful FIPS validation Code Corp. Team!

March 17, 2011

GDC Technology's Integrated Media Block receives FIPS 140-2 Level 3 certificate

GDC Technology selected InfoGard as their FIPS 140-2 testing laboratory for validation of their Integrated Media Block (IMB).  A FIPS 140-2 validation at Security Level 3 is a requirement to meet Digital Cinema Initiative (DCI) specifications:

Cert. #
1518 - IMB

See the GDC Technology Press Release for more information.  You may select the FIPS Certificate number above to visit the posting on the NIST website.

Congratulations to the GDC Team!

March 14, 2011

Public meeting March 18 to discuss Federal transition to SHA-256

Re-posted summary from the Federal Register website:

The Civilian Agency Acquisition Council, and the Defense Acquisition Regulations Council are hosting the first of at least two public meetings to start a dialogue with industry and Government agencies about ways for the acquisition community to transition to Secure Hash Algorithm SHA-256. SHA-256 is a cryptographic hash function that is used in digital signatures and authentication protocols.

The meeting is March 18, 2011 from 9am-noon EDT.  Visit the Federal Register website for more details.

March 11, 2011

Draft available for FIPS 201-2 PIV

On March 8, NIST released the Draft FIPS 201-2, Personal Identity Verification of Federal Employees and Contractors.

Comments are due by June 6, 2011.

A workshop will be held April 18 and 19, 2011 at NIST in Gaithersburg, Maryland.  Remote attendance is available via webcast.  You must pre-register by April 11, 2011 to participate in the workshop.

The Draft FIPS 201-2 PIV document and workshop details are available at the NIST Draft Publications website.

March 8, 2011

NVLAP lab code listing

The FIPS 140-2 validated modules listing now shows the NVLAP lab codes for the CST laboratories.  The listing below provides a mapping of NVLAP lab codes to the accredited laboratory names for easy reference.


100414-0 Underwriters Laboratories, Inc.
100432-0 InfoGard Laboratories, Inc.
200002-0 CEAL: a CygnaCom Solutions Laboratory
200416-0 COACT Inc. CAFE Laboratory
200426-0 Computer Sciences Corporation
200427-0 SAIC Accredited Testing & Evaluation (AT&E) Labs (MD)
200492-0 SAIC Accredited Testing & Evaluation (AT&E) Labs (VA)
200556-0 EWA - Canada IT Security Evaluation & Test Facility
200636-0 TÜV Informationstechnik GmbH
200648-0 Aspect Labs, a division of BKP Security, Inc.
200658-0 atsec information security corporation
200697-0 ICSA Labs, An Independent Division of Verizon Business
200802-0 ÆGISOLVE, INC.
200822-0 Information Technology Security Center
200824-0 TTC IT Security Evaluation Laboratory
200835-0 ECSEC Laboratory Inc.
200856-0 Epoche & Espri
200900-0 stratsec lab

Canadian lab, CGI, no longer listed as a FIPS 140 lab

The newest FIPS testing laboratory, CGI, is no longer listed on the NIST website

March 3, 2011

FIPS 140-2 Implementation Guidance updated

The FIPS 140-2 Implementation Guidance was updated on March 3, 2011.  No new guidance is included in this update, but the following modified guidance may be of interest:
  • A.2 Use of Non-NIST-Recommended Asymmetric Key Sizes and Elliptic Curves
    • Updated for consistency with recent standards
  • A.6 CAVP Requirements for Vendor Affirmation of FIPS 186-3 Digital Signature Standard
    • Transition end date for FIPS 186-3 RSA is defined

Canadian FIPS 140-2 laboratory loses accreditation

DOMUS Laboratory has dropped off the list of NIST accredited FIPS 140-2 testing laboratories.  DOMUS performed the 3rd most validations in 2010 (13% of the total).

March 2, 2011

CMVP report review times getting faster?

The CMVP review time for FIPS 140-2 report submissions has improved significantly in recent months.  I am reducing my unofficial CMVP review time estimate to 2 to 4 months (previously, I had been telling customers that the queue time was 4 to 5 months).

Please note that this is my personal estimate based on actual report submissions by InfoGard.  The review time estimate includes the time from report submission to the CMVP to the time comments are received by the Laboratory.

During  lunch last month at the RSA Conference, I mentioned that InfoGard had experienced shorter report review times to Randy, Jean, and Allen of the CMVP.  They joked with me that they could slow our report reviews down if it was causing a problem.  I assured them that the shorter reviews were a big help to Labs, Vendors, and Customers!

Take the poll on the my home page to share your review time experience with others.