3 minute read
Inner Range Bolsters Cyber Security with NIST Certification
Following on from the release of Two Factor Authentication in Inception earlier this year, Inner Range continues to enhance its cyber security credentials through the National Institute of Standards and Technology.
The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the USA’s oldest physical science laboratories and was established by Congress to remove a major challenge to U.S. industrial competitiveness at the time—a second-rate measurement infrastructure that lagged behind the capabilities of the United Kingdom, Germany, and other economic rivals.
NIST is responsible for developing information security standards and guidelines, including minimum requirements for U.S. government information systems. NIST standards are based on best practices identified from a range of sources, and are designed as a framework for federal agencies requiring stringent security measures.
The encryption algorithms used by Inner Range Integriti and Inception have both received NIST certification, and customers can be assured that the encryption used by Inner Range is of the highest standards. Certification demonstrates Inner Range’s ongoing commitment to their partners and customers by delivering solutions that have security embedded within,” said Andrew Thorburn, Enterprise Security & Risk Manager at Atlas Gentech. “It has been achieved through robust internal and independent external vulnerability testing of their products.”
The Federal Information Processing Standard (FIPS) 140-2 is a US government computer security standard used to approve cryptographic modules. As noted in the FIPS PUB 140-2: Security Requirements for Cryptographic Modules change notices document, dated 25 August 2007, FIPS 140-2 defines four levels of security, simply named “Level 1” to “Level 4”:
Level 1 Security Level 1 provides the lowest level of security. Basic security requirements are specified for a cryptographic module (e.g. at least one Approved algorithm or Approved security function shall be used). An example of a Security Level 1 cryptographic module is a personal computer (PC) encryption board.
Level 2 Security Level 2 improves upon the physical security mechanisms of a Security Level 1 cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module, or pick-resistant locks on covers or doors to protect against unauthorized physical access.
Level 3 In addition to the tamper-evident physical security mechanisms required at Security Level 2, Security Level 3 attempts to prevent the intruder from gaining access to CSPs held within the cryptographic module. Physical security mechanisms required at Security Level 3 are intended to have a high probability of detecting
and responding to attempts at physical access, use or modification of the cryptographic module.
The physical security mechanisms may include the use of strong enclosures and tamper-detection/response circuitry that zeroes all plaintext CSPs when the removable covers/doors of the cryptographic module are opened.
Level 4 Security Level 4 provides the highest level of security. At this level, the physical security mechanisms provide a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access. Penetration of the cryptographic module enclosure from any direction has a very high probability of being detected, resulting in the immediate deletion of all plaintext CSPs.
The NIST Cryptographic Algorithm Validation Program (CAVP) provides validation testing of approved (FIPS-approved and NIST-recommended) cryptographic algorithms and their individual components.
This certification is required for use by US federal government agencies and regulated industries. It is recognised globally and most importantly the certification provides confidence in the implementation of Inner Range cryptographic modules and their ability to communicate and store data securely.
“Cyber Security is extremely important, and it is essential that companies such as Inner Range implement the best in class encryption algorithms to ensure that our customers communications and data are secure,” said Steve Mitchell – Inner Range product development manager.
“Along with the current NIST CAVP certification, we will continue improving the cyber security of our products into the future to ensure our customers have access to the best possible protection.”
For more information about this or any other Inner Range solutions, please contact your local Atlas Gentech representative in Auckland, Wellington and Christchurch, or call our customer services representatives on 0800 732 637.
