How much security do you need?

If you're considering a smart card, USB token or some other method of doing strong authentication, it's important to know that not all devices provide the same level of security.

The National Institute of Standards and Technology's Cryptographic Module Validation Program, started in 1995, tests cryptographic modules for conformance to Federal Information Processing Standards. According to the program's Web site, "This standard is applicable to all federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems (including voice systems)." The modules are rated from a low of Level 1 to a high of Level 4. So far, no module has an overall rating of 4. Elaine Palmer, senior technical staff member and manager of secure embedded operating systems at IBM Corp., said her company is working to achieve a Level 4 encryption, but conceded that not everyone will need it. "We obviously want to be able to offer the highest level of confidence that's possible even though not every application will require Fort Knox-level security," she said. To access the current validation list, go to csrc.nist.gov/cryptval.

Featured

  • People
    Federal 100 logo

    Announcing the 2021 Federal 100 Award winners

    Meet the women and men being honored for their exceptional contributions to federal IT.

  • Comment
    Diverse Workforce (Image: Shutterstock)

    Who cares if you wear a hoodie or a suit? It’s the mission that matters most

    Responding to Steve Kelman's recent blog post, Alan Thomas shares the inside story on 18F's evolution.

Stay Connected