NSA expands Fortezza

The National Security Agency has backed off its hard-line approach and has expanded the Fortezza card program to cover software and smart card applications in hopes that more federal agencies will consider using the technology.

NSA officials who previously had insisted on Fortezza encryption to be used only in hardware began last month to brief the commercial sector on the new design requirements which will allow different levels of security depending on the value of the information.

Fortezza is a credit-card-size security device that authenticates users and encrypts electronic mail. Fortezza-based encryption which is one of the core components of NSA's Multilevel Information Systems Security Initiative eventually will be used to secure e-mail communications for 2 million Defense Department PCs as part of the Defense Message System.

NSA last week declined to comment on its Fortezza strategy.

A spokesman for the Defense Information Systems Agency which is managing the development of DMS said NSA's move is positive because it would expand the variety and flexibility of security products that support DMS. DISA officials will ensure that these new components will be integrated seamlessly with existing DMS components he said.

"Integrating these new security products will help to clarify to the user community that DMS provides a very powerful system with the flexibility to support a variety of security solutions " the spokesman said. "It will demonstrate that DMS can easily be tailored to meet any organization's secure messaging and directory needs."

NSA's decision to expand Fortezza may have been prompted in part by the high cost of the hardware-based Fortezza card which requires a separate card reader for it to work according to Santosh Chokhani president of Cygnacom Solutions Inc. a security consulting firm based in McLean Va. Software implementations although less expensive to use provide much less robust security than Fortezza cards. Smart cards provide more security than software implementations and cost less than Fortezza cards.

"Some of the law enforcement agencies were looking at [Fortezza] very favorably as far as security goes but they weren't able to come up with the funds " he said. "The money is tight. Agencies were finding better uses for the money. It came down to money and [NSA] had to sort of bite the bullet and say `We can't do it.' "

The expansion also may prompt more civilian agencies to buy into the Fortezza solution for secure messaging.

Neil Stillman deputy assistant secretary for information resources management at the Department of Health and Human Services said he had not heard of NSA's decision but he said encryption embedded in software would be a less expensive solution and perhaps more attractive to civilian agencies that needed a level of security below that of the military.

The expansion also reflects a growing tendency of NSA to relax its aversion to the commercial marketplace Chokhani said.

In February DOD announced plans to remove the controversial government key-escrow software from Fortezza cards. Key escrow also designed by NSA provides a built-in mechanism that allows law enforcement officials to access encrypted data without the knowledge of the user. It will most likely be replaced with emerging key-recovery technology which does not have the built-in access feature.


  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    OPM nominee plans focus on telework, IT, retirement

    Kiran Ahuja, a veteran of the Office of Personnel Management, told lawmakers that she thinks that the lack of consistent leadership in the top position at OPM has taken a toll on the ability of the agency to complete longer term IT modernization projects.

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

Stay Connected