| Interview with Michael Jacobs, information assurance director at the NSA. " ... to make sure commercial tools pass
muster in terms of security, the NSA runs them through new software-testing programs. These programs, the Common
Criteria Evaluation and Validation Scheme and the Cryptographic Module Validation Program, are part of the agency's
National Information Assurance Partnership, a joint effort with the National Institute of Standards and Technology
(www.niap.nist.gov), IT product vendors and users.
Products must pass rigorous testing before earning a Common Criteria security rating. The ratings were developed to
help the Fort Meade, Md.-based NSA, but they're also available to private-sector users. And because testing
standards are international, buyers of evaluated products can deploy them more easily across the globe." |