Interview with Michael Jacobs, information assurance director at the NSA. " ... to make sure commercial tools pass muster in terms of security, the NSA runs them through new software-testing programs. These programs, the Common Criteria Evaluation and Validation Scheme and the Cryptographic Module Validation Program, are part of the agency's National Information Assurance Partnership, a joint effort with the National Institute of Standards and Technology (www.niap.nist.gov), IT product vendors and users.
Products must pass rigorous testing before earning a Common Criteria security rating. The ratings were developed to help the Fort Meade, Md.-based NSA, but they're also available to private-sector users. And because testing standards are international, buyers of evaluated products can deploy them more easily across the globe.
The link for this article located at ComputerWorld is no longer available.
