FIPS testing finds numerous crypto errors

About half of the cryptographic modules submitted for Federal Information Processing Standard validation have security flaws, a National Institute of Standards and Technology survey has found.

Almost all the evaluated products had documentation errors, said Annabelle Lee, director of NIST's Cryptographic Module Validation Program. Speaking recently at the Federal Information Assurance Conference at the University of Maryland, Lee said 80 of 164 crypto modules evaluated had flaws involving physical security, random number generation or key management. Of 332 algorithms validated, 88 had security flaws, and about two-thirds had documentation errors.

Federal organizations are required to use FIPS-compliant crypto products for sensitive but unclassified data.

About the Author

William Jackson is a Maryland-based freelance writer.

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected