Can software security be certified?
These are busy days at InfoGard Labs. The San Luis Obispo (Calif.) outfit is one of only six info-tech laboratories in the U.S. and Canada allowed to issue a government seal of approval known as FIPS compliance. FIPS stands for Federal Information Processing Standard, a rigorous set of criteria established by groups of government and private-sector experts on cryptography standards and implementations.
Starting in July, 2002, FIPS 140 level-2 standards became mandatory, replacing the more lenient FIPS 140 level-1 rules. Every company seeking to sell encryption software to the federal government or to do business with Uncle Sam involving computers and encryption has to use equipment that holds a FIPS-2 compliance rating. We're not talking just spookware. Once strictly the province of military and intelligence communities, encryption is now common in everything from e-mail and instant-messaging software to databases.