Microsoft nears secure milestone
Microsoft Corp. has submitted Windows NT 4.0 server and workstation and Windows NT 5.0 server and workstation operating systems to be certified for a federal government standard for securing sensitive but unclassified data.
Microsoft is expected to announce shortly that various applications that rely on cryptographic modules found in the two versions of the operating system have been certified as meeting Federal Information Processing Standard (FIPS) 140-1.
This standard, issued by the National Institute of Standards and Technology, required agencies after June 30, 1997, to begin buying systems called cryptographic modules, which encrypt data, authenticate users' identities and rely on digital signatures, private-key management and other services that have been validated by government-accredited laboratories.
The standard applies to all sensitive but unclassified data, such as medical records, tax information, personnel records and other data that may not be deemed classified but that needs to be protected during transmission or storage.
However, the standard was slow to catch the attention of many major information technology security vendors because agency officials were not requiring it in their procurements.
But now, several companies— including Microsoft rival Netscape Communications Corp.— have been added to the FIPS 140-1 certified-products list.
DOD to test GCCS systems
The Defense Department this fall will conduct the first-ever advanced technology demonstration designed to test the capabilities of various information technology programs that connect to and support the Global Command and Control System (GCCS).
Information Superiority and Technology Integration 98 (ISTI-98) is being sponsored by the Advanced Information Technology Services Joint Program Office— a joint venture established in 1994 by the Defense Advanced Research Projects Agency, the Defense Information Systems Agency and the Joint Staff.
ISTI-98 will involve several independent IT programs and senior-level military organizations around the world in an exercise that will test the military's ability to use the GCCS architecture to support crisis action planning, high-level decision-making, and operations and logistics integration.
The demonstration also will include extensive information assurance tests using virtual private networks, intrusion-detection devices and other technologies.