 |
|
DAILY NEWS AND INFORMATION
FOR THE GLOBAL GRID COMMUNITY /
|
Breaking News -
Security:
Forum Systems Awarded DoD-PKI
Certification
Forum Systems Inc, a leading provider of trust management and threat
protection Web services security solutions, announced the release of the first
Federal Information Assurance Gateway (FIA) for government agencies that is
DoD PKI certified. Following strict compliance testing of the Forum Sentry and
requirements defined by Joint Interoperability Test Command -- Department of
Defense (JITC DoD-PKI), the Forum Systems FIA Gateway (Sentry 1504G) has
passed 100 percent of DoD's PKI security and interoperability tests and is
currently being deployed by government agencies for secure information sharing
and collaboration.
Forum Systems FIA Gateway is an integrated security solution that provides
threat protection and trust management -- the two critical components
necessary for information assurance and exchange, while also ensuring that all
e-government mandates are being achieved including the Health Insurance
Portability and Accountability Act (HIPAA), Gramm-Leach Bliley, Sarbanes Oxley
and others.
"We recognize the value of providing our customers with the most advanced
security capabilities no matter how rigorous the testing process," said Mamoon
Yunus, chief technology officer of Forum Systems. "It's imperative that our
solutions are interoperable with customers' existing infrastructure for a
seamless and thorough security solution."
Forum's FIA Gateway closes the content-security gap in the federal
government
by guarding critical content as it moves between and within federal agencies
allowing automated and centrally managed security policies for information
sharing and dissemination of protected content across multiple exchange points
-- including e-mail, file transfers, EDI, mobile applications and Web
services. This integrated solution can be deployed as an appliance or a
software solution and includes benefits such as DoD PKI Support, Hardware Key
Management and FIPS (Federal Information Processing Standard) compliance to
provide hardened security for a tamper-proof environment. A level II
specification for private key life cycle management and secure execution of
cryptographic algorithms, FIPS compliance is an essential requirement for
public key-enabled U.S. & European e-Government applications.
The FIA Gateway (Sentry 1504G) includes these unique capabilities:
- DoD PKI Certification: The Forum Sentry 1504G appliance met the
requirements of the "Department of Defense Class 3 Public Key Infrastructure
Public Key-Enabled Application Requirements," version 1.0 13 July 2000 in the
following areas: Retrieving Certificates, Importing Keys and Certificates,
Storing Trust Points, Verifying Communication Protocols, Checking Certificate
Status, Path Development and Processing, Application Configuration and
Application Documentation.
- Integrated FIPS Compliant: The Forum Systems Appliance contains an
integrated Hardware Security Module (HSM) that is FIPS 140-2 Level III
validated. The HSM provides all the sensitive cryptographic operations and
hardware key storage for both SSL operations as well as WS-Security
operations.
- Digital Signatures -- Digital Signatures are digital codes that can be
attached to an electronic transmission, or document, that uniquely identify
the sender. Digital signatures are essential to secure transmission of content
over intranets, or over the Internet.
- Public-key Infrastructure (PKI) Enablement -- PKI employs a two-step
approach to protect the security of communications and business transactions
on the Internet. A PKI system generates two keys for a user -- one is a
"private" key and the other, the "public" key, is widely published.
- Federal Enterprise Architecture (FEA) -- The FEA is an initiative of
the
federal government. This framework is designed to improve communication flow,
and efficiency, via integration of disparate systems. It will also be able to
enhance cost savings through reuse of technology and components.
- Transaction Archive -- A Transaction Archive is a repository for
recording
the history of XML, and non-XML, transactions and storing them in an external
database. Government agencies must continuously record and audit their
mission-critical electronic business transactions to support regular security
reviews of all programs and systems. By archiving XML transactions, and other
content, it is possible to analyze security breaches, maximize operational
performance and maintain regulatory compliance.
|