Credant Technologies has been awarded FIPS 140-2 validation for the CREDANT Cryptographic Kernel for its Palm OS platforms under the joint U.S. National Institute for Standards and Technology (NIST) and Canadian Communications Security Establishment (CSE) Cryptographic Module Validation Program.
With the CREDANT Mobile Guardian security and management software platform, U.S. federal agencies governed by FIPS 140-2 security directives and organizations can safely extend sensitive data to mobile professionals, gaining the benefits of mobility while meeting strict compliance demands.
"The FIPS 140-2 directive is the most stringent of encryption guidelines, and we have taken great care to develop our technology to meet this strict code," said Bob Heard, Founder and CEO, CREDANT Technologies. "Being awarded this validation assures our customers that they have the most reliable encryption technology protecting their mobile devices."
FIPS 140-2 is part of a series of security validation processes for testing computer and network security products. The purpose of the FIPS validation process is to promote quality, confidence and trust among product manufacturers. It also ensures accuracy and consistency by developing standards-based testing procedures to facilitate third-party validation of a product's cryptographic security features.
"There are 11 different security areas covering design and implementation that must be met to pass the FIPS 140-2 security standard," said Chris Burchett, Co-founder and vice president, product delivery. "While the federal government is the only body that requires this standard be met to do business, many other industries, such as banking, are following suit, and for us, it is a differentiator in the marketplace and sets us apart from many of our competitors."
CREDANT's FIPS-approved algorithms include Triple DES, AES, SHA-1, HMAC- SHA-1 and RNG algorithms. The mobile security product protects the confidentiality of enterprise data stored on laptop and tablet PCs, as well as Pocket PC, PDA and smartphone devices. Encryption policies for users and groups are centrally managed and locally enforced, allowing administrators to define the databases and/or folders where data is to be encrypted when stored on the device or removable media.
Transparent to the user, CREDANT Mobile Guardian performs on-the-fly encryption when data is stored locally on a notebook computer, handheld device or external storage device. Decryption is performed only when data is accessed. In addition to real-time encryption, CREDANT Mobile Guardian enforces multiple levels of mandatory access control across disparate devices, including PIN, password and question/answer for self-service password reset. Other safeguards control what applications and communication methods can be used, automatic idle time lock-down and event-driven data wipe.