atsec information security is proud to announce the successful evaluation of charismathics’ “Smart Security Interface PIV” middleware. The evaluation followed the GSA FIPS 201 Evaluation Program - PIV Middleware Approval Procedure (Version 7.0.0 October 31, 2007).
PIV middleware provides the interface between an agency's Logical Access implementation and the PIV card. With the charismathics Smart Security Interface PIV agencies can use the PIV card to log on to the PC as well as a variety of applications and systems to meet the FIPS 201 directives relating to Logical Access. charismathics’ “Smart Security Interface PIV” middleware was tested through the NIST PIV Program (NPIVP), and evaluated for approval by the GSA FIPS 201 Evaluation Program. With the successful evaluation, it is now listed on the GSA FIPS 201 approved Products List (APL) and can be purchased by all federal agencies.
“atsec was instrumental in obtaining our approval by the GSA FIPS 201 evaluation program as well as compliance with the 800-73-2 specification,” commented Sven Gossel CEO of charismathics. “Our PIV middleware offers an elegant choice for Government Agencies complying with HSPD 12 for enabling Logical Access for the PIV card. With the charismathics CSSI PIV solution, our customers have the choice to support PIV cards from multiple suppliers thus creating flexibility and lowering overall costs. It is our goal to continually innovate and lead with technology through horizontal integration paths to provide open platforms that offer choice for our partners and customers.”
FIPS 201 (with its supporting documents) is the mandatory standard that addresses Homeland Security Presidential Directive 12. HSPD-12 mandates a government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors.
The entry (#450) on the GSA FIPS 201 Evaluation Program Approved Product List (fips201ep.cio.gov/apl.php) reads:
"charismathics Smart Security Interface PIV"
Part #: CSSI-PIV21
SW version: 126.96.36.199
atsec is an accredited laboratory for the GSA FIPS 201 Evaluation Program and also accredited and licensed in the U.S. by the National Voluntary Laboratory Program (NVLAP) for operating laboratories with test scopes for the NIST PIV Program (NPIVP), as well as for Cryptographic Module testing (according to FIPS 140-2), algorithm validations, and SCAP compliance testing.
charismathics (charismathics.com) is a global leader in identity management software. Its premier product, the charismathics Smart Security Interface (CSSI), makes it cost-effective and easy for enterprises to integrate multiple authentication solutions into a single, transparent interface. Since 2003, charismathics has pioneered the field of Public Key Infrastructure (PKI), introducing the first PKI client to support Trusted Platform Modules (TPM) and the first PKI client to support pre-boot environments. charismathics offers security products and PKI consulting in a variety of industries including banking and finance, healthcare, telecommunications, security, government and PC manufacturing.
About atsec information security corporation
atsec (atsec.com) information security is an independent, standards-based information technology security services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in 2000 and has extensive international operations with offices in the U.S., Germany, Sweden and China.
atsec offers evaluation and testing services leading to formal certification for IT security including evaluation under Common Criteria schemes in the U.S., Germany, and Sweden; cryptographic module and algorithm testing under the Cryptographic Module Validation Program of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada; and compliance validation to the Payment Card Industry (PCI) Data Security Standard.
atsec also offers secure code review, ISO/IEC 27001 ISMS consulting, and penetration testing and scanning services.
atsec works with leading global companies such as IBM, Apple, Microsoft, Hewlett-Packard, Oracle, Cray, BMW, SGI, Vodafone, RWE, and Wincor-Nixdorf.