Recently there have been a lot of stories about security flaws in some high-profile encrypted flash drives. Some follow-up articles have claimed the initial news to be nothing more than FUD (Fear, Uncertainty, Doubt), an attempt to influence public perception with negative information on what is essentially a nonstory.

We, however, disagree. If there is a security flaw in what is supposed to be a secure flash drive, one certified by the U.S. government and used for sensitive data, this is extremely newsworthy. The fact that the drives are FIPS certified only increases the newsworthiness.

Many government agencies are required to purchase FIPS validated/certified products. This requirement is based on the belief that if a device is FIPS certified, it is secure enough for sensitive government information. While FIPS only validates the cryptographic functionality of products, there may be additional security aspects reviewed in the future (Common Criteria, for example). NIST's stance, that they are "actively investigating whether any changes in the NIST certification process should be made in light of this issue", may indicate that they also need to review items that have traditionally been treated as out of scope from a FIPS standpoint but are certainly security relevant. One example would be a review of the cryptographic boundaries of security products.

Written by Kanguru Solutions — October 31, 2012
