atsec information security corporation Achieves Accreditation as Cryptographic Module Testing Lab

AUSTIN, Texas – October 11, 2005 – atsec information security corporation announced their Cryptographic Module Testing Laboratory (CMTL) has achieved accreditation by the National Voluntary Laboratory Accreditation Program (NVLAP) to conduct conformance testing of cryptographic modules against the Federal Information Processing Standard (FIPS) 140-2 standard. FIPS 140-2, Security Requirements for Cryptographic Modules, specifies the security requirements that must be satisfied by a cryptographic module.

The Federal Information Security Management Act (FISMA) of 2002 removed the statutory provision that allowed agencies to waive mandatory FIPS. If an agency specifies information or data be cryptographically protected, then FIPS 140-2 is applicable. The standard precludes the use of invalidated cryptography for the cryptographic protection of sensitive or valuable data within federal systems.

FIPS 140-2 compliance ensures a product’s eligibility for sales to federal agencies and signals to other potential customers that the product has been designed and implemented to meet strong security requirements. According to Cryptographic Module Validation Program (CMVP) statistics, nearly half of all cryptographic modules and more than one quarter of all cryptographic algorithms tested were found to be flawed in either design or implementation.

“We are extremely pleased to have successfully completed the rigorous accreditation process to become a CMTL,” said Fiona Pattinson, atsec laboratory manager. “Being able to perform both Common Criteria evaluations of information technology products and FIPS 140-1 and FIPS 140-2 testing of cryptographic modules enables atsec to offer a comprehensive range of information technology security testing services to our customers.”

A joint endeavor between the National Institute of Standards and Technology (NIST) and the Canadian Security Establishment (CSE), the Cryptographic Module Validation Program (CMVP) is responsible for validating the testing performed by accredited laboratories and issuing certificates for conforming products. atsec information security corporation has now been accredited as a cryptographic module and also has two Common Criteria testing laboratories. The U.S. lab operates under National Information Assurance Partnership (NIAP) Common Criteria and Evaluation Scheme (CCEVS) in the United States and the other operating in the German scheme operated by Bundesant f??r Sicherheit in der Informationstechnik (BSI).

About atsec information security

atsec information security is an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec launched its U.S. business in May 2003, building on extensive success in Europe dating back to 2000. atsec leverages its deep security, process, and standards expertise to consult on a wide range of IT security needs, enabling clients to establish integrated security management procedures in order to manage security risk and improve data, product, and business process reliability. atsec works with leading global companies such as IBM, HP, Audi, Philips, Siemens, T-Mobile, Sony Ericsson, and Vodafone. For more information, please visit www.atsec.com.