Last Friday’s DoD Industry Day on\u00a0Network Penetration Reporting and Contracting for Cloud Services c<\/em>ame with a big announcement from the Pentagon’s head of IT – DoD CIO John Zangardi.<\/h5>\n

The Pentagon will begin to hold\u00a0contractors to higher standards of security when it comes to the products that are operating on the network and their systems. As we have seen elsewhere in government, advanced threats have created the need for tighter and stricter regulations on the way products process sensitive information. Mr. Zangardi stated that \u201cwith these regulations, we are asking to implement some of the same defenses as we are implementing for the department\u2019s networks.\u201d<\/h5>\n

As part of this new push, contractors doing business with the DoD must now provide\u00a0\u201cadequate security\u201d when connecting to the DoD network and its components \u2014 which at minimum means compliance with the National Institute of Standards and Technology\u2019s (NIST) Special Publication 800-171<\/a><\/span>. Section 3.13.11 within this Special Publication states product vendors must \u201cemploy FIPS-validated cryptography when used to protect the confidentiality of Controlled Unclassified Information (CUI).\u201d<\/h5>\n

FIPS<\/a><\/span><\/strong>-validated cryptography is defined within the\u00a0document as a cryptographic module validated by the Cryptographic Module Validation Program (CMVP) to meet requirements specified in\u00a0FIPS<\/a><\/span><\/strong> Publication 140-2 (as amended). As a prerequisite to CMVP validation, the cryptographic module is required to employ a cryptographic algorithm implementation that has successfully passed validation testing by the Cryptographic Algorithm Validation Program (CAVP).<\/h5>\n

As a result all DoD contractors that deploy products with CUI and which utilize encryption\u00a0must now at a minimum ensure they are validating cryptographic functionality through\u00a0FIPS 140-2<\/a><\/span><\/strong>. Additional regulation from the Pentagon in October of 2016 further define the various levels of security and CUI in the\u00a0Safeguarding Covered Defense Information and Cyber Incident Reporting<\/a>.<\/span>\u00a0Defense contractors have until the end of calendar year 2017 to comply with the regulation.<\/h5>\n

If you need help validating your product, Corsec offers a wide range of services to help you complete either CMVP testing or the entire FIPS 140-2<\/a><\/span><\/strong> validation process. The process is\u00a0streamlined with the deployment of Corsec’s patented Ultima solution which eases the burden of algorithm testing and allows for more efficient resource allocation; increasing efficiency and productivity throughout the project.<\/h5>\n

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements \u2013\u00a0Subscribe<\/a><\/span><\/h5>\n","protected":false},"excerpt":{"rendered":"

Last Friday’s DoD Industry Day on\u00a0Network Penetration Reporting and Contracting for Cloud Services came with a big announcement from the Pentagon’s head of IT – DoD CIO John Zangardi. The Pentagon will begin to hold\u00a0contractors … <\/p>\n

Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":10816,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,91],"tags":[82,83,87,4,39],"class_list":["post-10438","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security","tag-certification-process","tag-certification-roi","tag-industry-updates","tag-fips-140-2","tag-security-certifications","infinite-scroll-item","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","no-featured-image-padding"],"yoast_head":"\n