by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : September 15, 2015
When it comes to secure communications, the federal government’s requirements are crystal clear—the vast majority of emails, documents, and other types of communication shared with others must be fully secure and encrypted. For years, agencies have been doing what they can to comply. Notebooks and PCs are outfitted with PKI-based digital signing and encryption technol- ogy, letting them comply with the FIPS 140-2 standard for cryptographic modules. In some cases, agencies in- stall VPN tokens on notebooks, which let employees access agency systems securely from remote locations. Agen- cies also have added readers for smart- cards and Personal Identity Verifica- tion (PIV) cards to PCs and notebooks for physical access control. While these methods work well for notebooks and PCs, they don’t work well at all for mobile devices. That has become increasingly important; mobile device usage among federal employees has skyrocketed, and many of them are owned by the employees themselves. It is difficult enough to ensure that mobile devices comply with FIPS 140-2 Level 2, but companying with FIPS 140-2 Level 3 or Identity Level of Assurance (LOA) 4 requirements traditionally have been impossible. There is no good way, for example, to integrate smart card readers for authentication into commercial mobile devices. NIST addressed this issue in recent guidance (SP 800-157), which promotes the idea of the derived PIV credential—an alternative token that can be deployed directly on mobile devices. In its guidance, NIST explains that derived PIV credentials requiring hardware-based secure elements are the best way to meet the challenge of securely authenticating mobile devices. Secure MicroSd GO-Trust Technology is the first company to develop a microSD secure element—basically, an encrypted chip in a microSD form factor. SDencryp- ter, its flagship product, is a secure microSD with full in-chip hardware- based authentication and encryption/ decryption. SDencrypter and its component-on- ly counterpart JetSmart are certified at FIPS 140-2 Level 3 for identity-based authentication, and they are the only secure microSD products that meet and exceed all technical and security requirements of NIST’s SP SP800-157 guidance on derived PIV credentials raising the Identity Level of Assurance to LOA-4. “This is especially beneficial to government agencies where a lot of employees use their own devices, because it provides a level of security that commercial products typically don’t offer,” said GO-Trust CEO Darren Lee. Typically, an agency will purchase the microSD and install it on employees’ mobile devices. That way, agencies have complete control over the security, and can deactivate the chip if necessary. The devices have proven to be an inexpensive and extremely effective way to ensure security up to a very high level. There are many ways that agencies can use the technology to improve mobile security and comply with stringent security regulations. One government agency, for example, installed the microSD cards in some of its employees’ mobile tablets, enabling them to digitally sign and encrypt email from whatever location they happened to be. Another agency wanted to replace some of its employ- ees’ notebooks with mobile phones while still letting them log into the agency’s VPN server. The notebooks had been outfitted with VPN tokens for authorization, but there wasn’t any easy way to do that with mobile phones. It accomplished the task by integrating GO-Trust’s microSD card with the VPN client. Employees can now securely log into the VPN server just as they did with the notebooks. There are many other uses for secure microSD cards throughout the federal government. For example, today’s communication needs extend far beyond email to voice, chat and text. Building on its secure microSD technology, GO-Trust offers military- grade secure communications options for protecting all of these forms of communication. It works by encrypt- ing encrypted peer-to-peer voice, chat and text communication, as well as en- abling participants to share encrypted files with each other. Over time, federal requirements for security will only become more stringent. “I wouldn’t be surprised if the federal government eventually required all mobile communication to be fully secure and encrypted,” Lee said. “We’re ready for that now.” Taking Mobile Secure communications to the next level Gamechanger Game ChanGinG TeChnoloGy To meeT aGenCy missions SponSored content MobilE SEcurity The only secure microsD that meets and exceeds Guidelines for Derived PiV Credentials. www.Go-trust.com
August 30, 2015
September 30, 2015