ACCESS CONTROL
Inner Range Bolsters Cyber Security with NIST Certification Following on from the release of Two Factor Authentication in Inception earlier this year, Inner Range continues to enhance its cyber security credentials through the National Institute of Standards and Technology. The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the USA’s oldest physical science laboratories and was established by Congress to remove a major challenge to U.S. industrial competitiveness at the time—a second-rate measurement infrastructure that lagged behind the capabilities of the United Kingdom, Germany, and other economic rivals.
NIST is responsible for developing information security standards and guidelines, including minimum requirements for U.S. government information systems. NIST standards are based on best practices identified from a range of sources, and are designed as a framework for federal agencies requiring stringent security measures. The encryption algorithms used by Inner Range Integriti and Inception have both received NIST certification, and customers can be assured that the encryption used by Inner Range is of the highest standards. Certification demonstrates Inner Range’s ongoing commitment to their partners and customers by delivering solutions that have security embedded within,” said Andrew Thorburn, Enterprise Security & Risk Manager at Atlas Gentech. “It has been achieved through robust internal and independent external vulnerability testing of their products.” The Federal Information Processing Standard (FIPS) 140-2 is a US government computer security standard used to approve cryptographic modules. As noted in the FIPS PUB 140-2: Security Requirements for Cryptographic Modules change notices document, dated 25 August 2007, FIPS 140-2 defines four levels of security, simply named “Level 1” to “Level 4”:
security function shall be used). An example of a Security Level 1 cryptographic module is a personal computer (PC) encryption board. Level 2 Security Level 2 improves upon the physical security mechanisms of a Security Level 1 cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module, or pick-resistant locks on covers or doors to protect against unauthorized physical access. Level 3 In addition to the tamper-evident physical security mechanisms required at Security Level 2, Security Level 3 attempts to prevent the intruder from gaining access to CSPs held within the cryptographic module. Physical security mechanisms required at Security Level 3 are intended to have a high probability of detecting
Level 1 Security Level 1 provides the lowest level of security. Basic security requirements are specified for a cryptographic module (e.g. at least one Approved algorithm or Approved
24
NZSM
December 2020/January 2021
