Panelists: Apostol Vassilev, Research Lead–STVM, CSD; Barry Fussell, Technical Leader, Cisco Systems; Robert Relyea, Red Hat; Shawn Geddis, Security & Certifications Engineer, Apple The Cryptographic Module Validation Program (CMVP) was established on July 17, 1995 by the National Institute of Standards and Technology (NIST) to validate cryptographic modules conforming to the Federal Information Processing Standards (FIPS) 140-1, Security Requirements for Cryptographic Modules, and other FIPS cryptography based standards. The existing government validation program leverages third-party labs to do independent testing of commercial products for government use. This worked well 20 years ago, but technology has rapidly advanced and this old model has become cumbersome. We also live in times of unprecedented levels of threats and exploits that require frequent product updates to fix defects and remove security vulnerabilities, which doesn’t fit in the current model. Can we use technology to fix this? Panelists from industry and government will discuss ideas for reshaping this process and modernizing it from the ground up. Followed by demonstrations.

Certification Programs Track