My colleague, Alexander Mazuruc, attended the International Cryptographic Module Conference that took place last month in Gaithersburg, Maryland. Alex is a Senior Developer at WinMagic and has a unique “flair” for navigating the arcane world of product security certifications. He has delved deeply into Common Criteria and has been our go to person for all things FIPS for almost a decade.
The conference which Alex attended ICMC 2013 is basically a Federal Information Processing Standard (FIPS) 140 conference. FIPS 140 is a Cryptograph Module Validation Program which SecureDoc’s cryptographic engine is certified against. FIPS 140 validation is a “hard” requirement for the U.S. and Canadian governments, as well as, many security conscious organizations worldwide. The conference ran the week before the partial shutdown of the US Government and the NIST website so the timing worked out well.
Alex reports, “[The] conference was good…I learned what I expected to learn: how FIPS fits into the Government needs and the industry, how FIPS things are regulated, where they are moving to and what the hot spots are, [among] other things.”
There were approximately 100 attendees or so at the event. This was no security generalist RSA-like conference. It truly lived up to its billing:
“An Expert Community of Users Focused on The FIPS 140-2 Standard…Experts from around the world convened at ICMC 2013 to address the unique challenges faced by those who produce, use, and test cryptographic modules that conform with standards such as FIPS 140-2 and the ISO/IEC 19790 standard. The conference helped to foster a focused, organized community of users. ICMC covered the technical design problems to meet the standard, with a particular emphasis on the challenges posed as technology advances with respect to the current standards.”
So why the blog title “Almost famous?” In researching this blog on the NIST website I found Alex’s name as the contact person for many of our cryptographic module validations and I think that’s pretty neat.