Technology Stocks : CKYS - CyberKey Solutions, Inc.


To: whenitgoesup who wrote (37) 9/19/2006 6:11:39 PM
From: caly
 
It is. Any product that uses cryptography for any purpose must be certified as FIPS 140 compliant (or be in the process of being certified) before any agency of the government is permitted to buy it. This is how the government ensures that the products they're buying are engineered correctly and use accepted algorithms and practices to implement security.

I'm not trying to bash or anything, just letting you know about a quick red flag I saw. When I see a new company I'm looking into making claims about selling security equipment to the government, the first thing I do is check for FIPS certification.

In case you want to see it in writing, here's a document describing what happened when someone in the Dept. of Labor gave a contract to a company whose products were not certified. They're certified now, but they had to completely change the product to use government standard encryption algorithms.

oig.dol.gov

By March of 2003, DOL had ordered and received the maximum quantities of all products under the Meganet contract at a total cost of $3.8 million. However, in a May 8, 2003 letter, DOL rejected payment of the final invoice from Meganet in the amount of $664,300. The letter cited five specific deficiencies as the basis for refusing payment:

1) the cryptographic module was not validated to comply with NIST FIPS;
2) the encryption tool did not implement the “3DES” encryption method;
3) the Meganet product was not fully interoperable with DOL’s PKI;
4) the digital signature module was not certified to comply with NIST FIPS; and
5) the digital signature tool did not implement the “DSA” digital signature method.