atsec conducts testing with charismathics’ CSSI middleware in first NIST PIV Program (NPIVP) SP800-73-2 PIV Middleware Validation
2009-11-04Austin, TX - atsec information security is proud to announce that it has performed the first PIV middleware validation testing under the NIST PIV Program (NPIVP) for the recently released SP800-73-2 giving the interfaces for Personal Identity Verification.
The certificate for the successful validation – of the charismathics Smart Security Interface PIV, Version 2.1.0.9 (certificate no. 12) – was issued on October 23rd and can be found on the Middleware Validation List on the NPIVP website.
Apostol Vassilev, Laboratory Manager for atsec’s CST lab, commented: "atsec succeeded to complete successfully the first PIV Middleware validation testing according to NIST's SP 800-73-2. Being the first laboratory to work under this new standard carries a lot of challenges and hidden costs resulting from the changes in the scope of testing and the corresponding tools. I am very proud that atsec managed to respond to these challenges with skill and commitment to efficiency. We were able to not only deliver a great return of investment to our client but also to support NIST in improving the overall validation process for the SP 800-73-2 standard - a mark of excellence by a true industry leader."
“atsec did an excellent job in working with NIST in achieving the validation of our CSSI PIV middleware,” said Sven Gossel, CEO of charismathics. “charismathics’ CSSI PIV middleware is the first to achieve the SP 800-73-2 certification and atsec was key to making this a success. Having the SP 800-73-2 certification continues the strategic positioning of our CSSI middleware as the premier PKI middleware solution.”
The new special publication is an updated technical specification for personal identity verification (PIV) cards that are being phased in by U.S. federal departments and agencies for use by their employees and contractors and is the first major update since 2006 and is driven by HSPSD#12 (The Homeland Security Presidential Directive 12 “Policy for a Common Identification Standard for Federal Employees and Contractors”).
atsec tested the PIV middleware in accordance with: the Derived Test Requirements (DTR) and Test Assertions (TA) in NIST Special Publication (SP) 800-85A-1 PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-2 Compliance).
NPVIP validated the PIV middleware to be conformant to: NIST Special Publication 800-73-2 Interfaces or Personal Identity Verification, Part 3: End-Point PIV Client Application Programming Interface.
atsec’s labs are accredited and licensed in the U.S. by the National Voluntary Laboratory Program (NVLAP) and operates laboratories with test scopes for the NIST PIV Program (NPIVP), as well as for Cryptographic Module testing (according to FIPS 140-2), algorithm validations and SCAP compliance testing.
atsec also is an accredited laboratory for the GSA FIPS 201 Evaluation Program which runs a product approval program for PIV related products destined for the U.S. Government market.
About charismathics
charismathics is a global leader in identity management software. Its premier product, the charismathics Smart Security Interface (CSSI), makes it cost-effective and easy for enterprises to integrate multiple authentication solutions into a single, transparent interface. Since 2003, charismathics has pioneered the field of Public Key Infrastructure (PKI), introducing the first PKI client to support Trusted Platform Modules (TPM) and the first PKI client to support pre-boot environments. charismathics offers security products and PKI consulting in a variety of industries including banking and finance, healthcare, telecommunications, security, government and PC manufacturing. For more information, visit www.charismathics.com.
About atsec information security
atsec information security is an independent, standards-based information technology security services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in 2000 and has extensive international operations with offices in the U.S., Germany, Sweden and China.
atsec offers evaluation and testing services leading to formal certification for IT security including evaluation under Common Criteria schemes in the U.S., Germany, and Sweden; cryptographic module and algorithm testing under the Cryptographic Module Validation Program of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada; and compliance validation to the Payment Card Industry (PCI) Data Security Standard.
atsec also offers secure code review, ISO/IEC 27001 ISMS consulting, and penetration testing and scanning services.
atsec works with leading global companies such as IBM, Apple, Microsoft, Hewlett-Packard, Oracle, Cray, BMW, SGI, Vodafone, Swisscom, RWE, and Wincor-Nixdorf.
