Tripwire Sponsors Bouncy Castle's FIPS Certification
PORTLAND, Ore. — November 10, 2016 — Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the successful sponsorship of Bouncy Castle's Federal Information Processing Standards (FIPS) certification. Through this certification, Bouncy Castle’s application program interfaces (APIs) have reached a new level of assurance with respect to algorithm correctness, greatly expanding their market for applications. InfoGard, a UL Company, performed the algorithm validation and module submission.
As a major sponsor of Bouncy Castle’s FIPS certification, Tripwire provided the platforms for testing the modules as well as the lab fees required to submit the module to FIPS. Lab fees represent roughly ninety percent of the certification cost.
“As a security vendor, it’s important to Tripwire and its customers that we maintain strong encryption in our products,” said Andrew Wagner, Senior Director of Engineering for Tripwire. “We’re excited to be able to do so in a way that strengthens the security of the industry as a whole.”
With downloads in the tens of thousands per month, the Bouncy Castle Java APIs have gained significant traction as a preferred cryptography solution since their original development in the late 1990s. While the APIs have benefited from being open source and therefore easily reviewable, the lack of a certified version has restricted their acceptance in some areas as well as deprived their users of the increased assurances that can also come from a recognized independent certification.
In the case of cryptography, such a certification is provided by the National Institute of Standards and Technology (NIST), which manages FIPS 140-2, a United States Government standard for the use and requirements for cryptography. Code written for applications used in the United States government, as well as in many of the financial and medical industries, is based on FIPS standards and guidelines. Additionally, other standards, such as Common Criteria, often bring FIPS into consideration when awarding a certification. In recognition of this, an effort to obtain a FIPS certification for a version of the Bouncy Castle Java APIs was launched in late 2013.
“Attaining a FIPS certification represents a significant milestone in our attempts to improve the quality of the Bouncy Castle APIs for Java,” said David Hook, secretary of the Legion of the Bouncy Castle Inc. “We are very grateful that Tripwire made the sponsorship commitment needed to make it possible for the Bouncy Castle charity to fund the lab fees for this certification. All of our users, including our non-FIPS ones, will benefit from the improvements this sponsored effort has made possible.”
For more information, please visit: https://www.bouncycastle.org/fips-java.
Tripwire is a leading provider of security, compliance and IT operations solutions for enterprises, industrial organizations, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire’s portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics. Learn more at tripwire.com, get security news, trends and insights at tripwire.com/blog or follow us on Twitter @TripwireInc.
About Bouncy Castle
Formed in the late 1990s, the Legion of the Bouncy Castle consisted of a number of individuals united in both their interests in cryptography and open source. The first official release of the Bouncy Castle APIs appeared in May 2000 and was about 27,000 lines long. The project steadily grew, with a C# version of the Java APIs being added in 2006. By 2012, the Java code base was well past 300,000 lines and the C# one over 140,000. In 2013 the Legion of the Bouncy Castle Inc was set up as a registered Australian charity to become the organization that maintains both the progress and quality of the APIs.