Not a day goes by when I don’t see an article about the importance of our nation’s Cybersecurity efforts. While you can debate the level of investment and focus the government is giving to Cybersecurity, one effort that has made everyone’s check list these days is FIPS – specifically FIPS 140-2. For those of you who run outside these circles, FIPS (which stands for Federal Information Processing Standard), 140-2 certification is a program that essentially states that the cryptography module used within vendor products sold to the federal government meet specific security requirements. This is an important standard for many government agencies, and one that Tripwire is committed to meeting through testing of an independent lab. You can see that Tripwire is currently in process for FIPS 140-2 certification here: http://csrc.nist.gov/groups/STM/cmvp/inprocess.html.
While FIPS 140-2 certification of vendors is an important step in the government’s plan for Cybersecurity, there are other necessary actions to take – from ensuring FISMA compliance to measuring security performance, which will require effective controls, especially around the correctness of configurations and the enforcement of change control processes. We look forward to working closely with our government partners to ensure that they meet these goals as quickly as possible, with as few resources as necessary.