How much security do you need?

If you're considering a smart card, USB token or some other method of doing strong authentication, it's important to know that not all devices provide the same level of security.

The National Institute of Standards and Technology's Cryptographic Module Validation Program, started in 1995, tests cryptographic modules for conformance to Federal Information Processing Standards. According to the program's Web site, "This standard is applicable to all federal agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems (including voice systems)." The modules are rated from a low of Level 1 to a high of Level 4. So far, no module has an overall rating of 4. Elaine Palmer, senior technical staff member and manager of secure embedded operating systems at IBM Corp., said her company is working to achieve a Level 4 encryption, but conceded that not everyone will need it. "We obviously want to be able to offer the highest level of confidence that's possible even though not every application will require Fort Knox-level security," she said. To access the current validation list, go to csrc.nist.gov/cryptval.

Featured

  • Defense

    DOD wants prime contractors to be 'help desk' for new cybersecurity model

    The Defense Department is pushing forward with its unified cybersecurity standard for contractors and wants large companies and industry associations to show startups and smaller firms the way.

  • FCW Perspectives
    tech process (pkproject/Shutterstock.com)

    Understanding the obstacles to automation

    As RPA moves from buzzword to practical applications, agency leaders say it’s forcing broader discussions about business operations

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.