Defense kicks off open-source encryption program

The Defense Department has launched a new program to encourage the use of open- source encryption software within DOD systems.

The Open Source Software Institute of Hattiesburg, Miss., will support the OpenCrypto Management Program, which is part of DOD's Open Technology Development road map initiative. The goal of that program is to provide DOD with greater system development and acquisition flexibility through collaborative software development.

The OpenCrypto Management Program is a continuation and expansion of an earlier OSSI effort to certify the OpenSSL open- source encryption module under Federal Information Processing Standards 140-2, said OSSI Executive Director executive director John Weathersby.

'Interests within the DOD were pleased with the results of the initial OpenSSL validation program and have identified extensions to that work for greater availability of FIPS 140-2 validated open- source software for use within DOD IT systems,' Weathersby said.

In OSSI's earlier work, the source code for OpenSSL was certified. Now the team will validate a binary model of the OpenSSL. The team will then update the version for additional validations every six to eight months to address vendor concerns with the initial open- source- based validation.

'Prospective end users can use the specific binaries that were validated, if they happen to be suitable as-is. If not, OSSI will ' in collaboration with the OpenSSL team ' build a binary for the desired platform, where technically possible,' said OSSI technical project manager Steve Marquess. 'Under a CMVP process known as 'vendor affirmation' ['vendor affirmation' (known as CMVP Implementation Guidance, section G.5],) that binary as delivered to the end user will satisfy the requirements for a FIPS 140-2 validated module.'

For non-U.S. DOD end users, there will be a one-time charge calculated on a cost-recovery basis, Marquess said.

inside gcn

  • health data

    Improving the VA patient journey with data transparency

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group