How much security do you need?

If you're considering a smart card, USB token or some other method of doing strong authentication, it's important to know that not all devices provide the same level of security.

The National Institute of Standards and Technology's Cryptographic Module Validation Program, started in 1995, tests cryptographic modules for conformance to Federal Information Processing Standards. According to the program's Web site, "This standard is applicable to all federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems (including voice systems)." The modules are rated from a low of Level 1 to a high of Level 4. So far, no module has an overall rating of 4. Elaine Palmer, senior technical staff member and manager of secure embedded operating systems at IBM Corp., said her company is working to achieve a Level 4 encryption, but conceded that not everyone will need it. "We obviously want to be able to offer the highest level of confidence that's possible even though not every application will require Fort Knox-level security," she said. To access the current validation list, go to csrc.nist.gov/cryptval.

Featured

  • IT Modernization
    Eisenhower Executive Office Building (Image: Wikimedia Commons)

    OMB's user guide to the MGT Act

    The Office of Management and Budget is working on a rules-of-the-road document to cover how agencies can seek and use funds under the MGT Act.

  • global network (Pushish Images/Shutterstock.com)

    As others see us -- a few surprises

    A recent dinner with civil servants from Asia delivered some interesting insights, Steve Kelman writes.

  • FCW Perspectives
    cloud (Singkham/Shutterstock.com)

    A smarter approach to cloud

    Advances in cloud technology are shifting the focus toward choosing the right tool for the job and crafting solutions that truly modernize systems.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.