More vendors meet NIST security standard
- By Heather Harreld
- Dec 14, 1997
A federal standard that initially was slow to capture the attention of some vendors has drawn more companies to submit their products for testing to be approved for agency use for security applications.
The Federal Information Processing Standard (FIPS) 140-1 requires agencies to buy systems called cryptographic modules - which are used for data encryption user authentication digital signatures key management and other services - that have been validated by government-accredited laboratories.
The standard applies to all sensitive but unclassified data. As FCW reported in July only five companies - Northern Telecom Inc. National Semiconductor Corp. Motorola Inc. Spyrus Inc. and Mykotronx - had then received validation from the government's laboratories.
Four additional companies - Netscape Communications Corp. Chrystalis-ITS Information Resource Engineering Inc. and Cylink Corp. - have been added to the list of companies approved for agency use for the protection of sensitive data. Other Submissions Several other companies have submitted their products for testing said Miles Smid manager of the security technology group at the National Institute of Standards and Technology.
Microsoft Corp. soon plans to submit its Internet Explorer browser and its Internet Information Server products for validation companies officials announced this month. Agencies also are taking note of the requirement and using it as a differentiating factor in contract awards said John Menkhart Netscape's regional sales manager. FIPS was one of the factors that contributed to Netscape's recent win at the Defense Information Systems Agency for 2 million browser licenses he said.