The First International Cryptographic Module Conference
24.-26. September, Gaithersburg, MD, USA
Konferenz-Website
An Industry First: Initial NIST SP 800-73-3 Compliant PIV Middleware Tested by atsec
2012-05-01Austin, TX – atsec information security, an accredited laboratory for the GSA FIPS 201 Evaluation Program (GSA EP) and NIST Personal Identity Verification Program (NPIVP), is proud to announce the successful NPIVP testing of Oberthur Technologies’ PIV middleware, resulting in the first NIST SP 800-73-3 specification compliant PIV middleware software application:
- Oberthur Technologies ID-One PIV™ Client API, Version 1.3.2.0
The Oberthur Technologies PIV middleware was tested in accordance with the Derived Test Requirements and Test Assertions as specified in NIST Special Publication (SP) 800-85A-2 PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-3 Compliance).
You can find the certificate for this product on the NIST website:
http://csrc.nist.gov/groups/SNS/piv/npivp/validation_lists/SP800-73-3PIVMiddlewareValidationList.html
PIV middleware provides the interface between an agency's PIV access control system and the PIV card application. Correct implementation of PIV middleware helps ensure authorized agency access to card data elements. PIV middleware is tested through NPIVP, and evaluated for approval by the GSA FIPS 201 Evaluation Program.
FIPS 201 (with its supporting documents) is the mandatory standard that addresses Homeland Security Presidential Directive 12. HSPD-12 mandates a government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors.
About atsec information security
atsec information security is an independent, standards-based information technology security services company with offices in the U.S., Germany, Sweden, and China. atsec's services include formal laboratory testing and evaluation of information assurance (IA) and IA-enabled commercial off the shelf (COTS) information technology, as well as information security consultancy.
atsec offers evaluation and testing services leading to formal certification of information security technology, including evaluations under Common Criteria schemes in the U.S., Germany, and Sweden. In addition, the atsec U.S. organization operates a Cryptographic and Security Testing Laboratory accredited under the Cryptographic Module Validation and the Cryptographic Algorithm Validation Programs of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada for validating cryptographic modules under the FIPS 140-2 standard.
atsec works with any company, regardless of size or locale, that is serious about IT security.
