How much security do you need?

If you're considering a smart card, USB token or some other method of doing strong authentication, it's important to know that not all devices provide the same level of security.

The National Institute of Standards and Technology's Cryptographic Module Validation Program, started in 1995, tests cryptographic modules for conformance to Federal Information Processing Standards. According to the program's Web site, "This standard is applicable to all federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems (including voice systems)." The modules are rated from a low of Level 1 to a high of Level 4. So far, no module has an overall rating of 4. Elaine Palmer, senior technical staff member and manager of secure embedded operating systems at IBM Corp., said her company is working to achieve a Level 4 encryption, but conceded that not everyone will need it. "We obviously want to be able to offer the highest level of confidence that's possible even though not every application will require Fort Knox-level security," she said. To access the current validation list, go to csrc.nist.gov/cryptval.

Featured

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

  • innovation (Sergey Nivens/Shutterstock.com)

    VA embraces procurement challenges at scale

    Steve Kelman applauds the Department of Veterans Affairs' ambitious attempt to move beyond one-off prize-based contests to combat veteran suicides more effectively.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.