ReefEdge of Fort Lee, N.J., this week announced that it’s the first company with a wireless product to earn the government’s FIPS 140-2 certification — a critical certification for selling security systems to the federal government — at the second level of security. In addition, the ReefEdge Connect System is also ready for use by the Department of Defense (DoD) by meeting two of that department’s requirements.
FIPS is short for Federal Information Processing Standards, the cryptographic standard created by the National Institute of Standards and Technology (NIST). The standard, now in its second generation (140-2 replaces 140-1), has four levels of security — Level 1, Level 2, Level 3, and Level 4 — that increase in quality as they go up. They are suitable for a wide array of areas in which cryptographic modules could be used.
Sandeep Singhal, the company’s chief technology officer, says that in the company’s three years of selling wireless products, the primary markets it’s serviced have been verticals: medical, retail, and the government, with installations focused on the day-to-day operations in those areas. The FIPS 140-2 Level 2 certification, he says, will help not only with federal sales but also “there’s focus and interest on it from state and local and the financial sector.”
The Level 2 certification focuses not just on the “correctness of the cryptography,” says Singhal, “but also on the tamper evidence of the system.” Units are checked down to the hardware and software level for the potential for physical tampering, and even the company’s process for delivering the products is audited. By Level 4, he says the certification literally looks to see that a physical product is made physically impregnable.
The ReefEdge system is also integrating with some of the key identity management schemes of the DoD, namely its Public Key Infrastructure (PKI) and Common Access Card (CAC) requirements. The DoD has over a million certificates out there, many of which are integrated on the CAC smart cards used by DoD personnel for identification and access.
“We enable, through our software, to let personnel plug their smart card into a PDA or laptop, log into the wireless network, and they can go about their useful work,” says Singhal. This makes the move from WLANs in select areas to availability DoD-wide a possibility.
“Government employees are inherently mobile,” he adds.
ReefEdge recently deployed the full FIPS 140-2 Level 2 system with customer SAIC Telcordia, a research company for the government that uses security exceeding 140-2 as policy. They serve as a system integrator for the Connect System product and the overall ReefEdge Wireless Fabric which it is part of.
