CERTIFICATIONS & STANDARDS

Leveraging Fortress Technologies' years of experience in developing secure network solutions for the US Government and other sensitive application environments, the Fortress Security System offers proven wireless security for the most demanding mission critical environments. Fortress uses industry-leading methods such as robust key agreement mechanisms, multi-factor authentication including device-specific authentication, validated random number generation, message integrity checking and powerful encryption algorithms including 3DES and AES.

The Fortress family of Wireless Security Gateways and Secure Clients are the first Layer 2 wireless network security products to be certified under the National Institute of Standards and Technologies (NIST) Federal Information Processing Standard (FIPS) 140 certification program.

Fortress Technologies has had multiple product validated under the FIPS 140 standard from NIST. FIPS is a rigorous security validation that federal governments require in all network security implementations.

The Fortress Security System is the first of its kind to receive an Interoperability Assessment and a Standards Conformance certification for 802.11 networks by the Defense Information Systems Agency's (DISA) Joint Interoperability Test Command (JITC). This certification is a critical milestone in the deployment of wireless devices within U.S. Department of Defense networks, affirming Fortress’s ongoing commitment to meeting the interoperability requirements of the DoD.

Fortress Technologies has received the Security-Proof-of-Concept-Keystone (SPOCK) from the Department of Defense. SPOCK is a program that provides rigorous performance testing of security devices in live and simulated defense environments. Fortress' patented Secure Packet Shield (SPS) technology was the first VPN technology proven to meet or exceed all performance objectives through the SPOCK process.

 

As a member of the Wi-Fi Alliance, Fortress Technologies is committed to the advancement of wireless networking interoperability. The Wi-Fi Alliance, a global, non-profit industry association, was created to promote and certify interoperability of products and services based on 802.11 technology.

 

FIPS Certifications

The Federal Information Processing Standards, Security Requirements for Cryptographic Modules (FIPS 140) was established in 1995 to provide assurance that encryption products deployed in US government applications performed properly, and that they provide appropriate levels of data protection. The use of FIPS 140-validated encryption modules is mandated for all Federal network and communications systems that handle sensitive information.

Approximately 300 commercial products have been granted validations under the first phase of this program and products that were in the initial (prior to June ’02) testing pipeline continue to receive validation certificates under the FIPS 140-1 program. Products submitted for first-time validation or revalidations after June ’02 are granted the FIPS 140-2 certificate based on revised submission criteria. The cryptographic testing performed under this program remains unchanged so that products bearing either FIPS 140-1 or FIPS 140-2 validations can be treated equally for adoption or deployment into sensitive environments.

The following web link clearly indicates the on-going applicability and acceptance of either FIPS designation: National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program

Fortress has had multiple products validated under the FIPS 140 standard from NIST including the validations listed below:

Fortress Secure Wireless Access Bridge ES520

• FIPS 140-2 Validation Certificate #756 Wireless Access Bridge

Fortress Security Controller FC-X

• FIPS140-2 Validation Certificate #718, Fortress Security Controller

Fortress Security Gateway

• FIPS140-2 Validation Certificate #386, AF Wireless Security Gateway

Fortress Security Gateway AF2100

• FIPS 140-2 Validation Certificate #581, AF Wireless Security Gateway

Software Secure Client - Windows XP Pro SP1, Windows 2000 SP2, Windows NT 4.0 SP2, Windows 98 2nd edition, Windows CE 3.0, PalmOS 4.1 (Fortress version 2.2.0), MS DOS 6.20

• FIPS140-2 Validation Certificate #773, Fortress Secure Client
• FIPS 140-2 Validation Certificate #424, AF Secure Client
• FIPS140-1 Validation Certificate #358, AF Secure Client

A complete listing of all FIPS 140 standard validations is maintained by NIST and can be viewed through the web link: http://csrc.ncsl.nist.gov/cryptval/140-1/1401val.htm

FIPS Background

The FIPS 140 Cryptographic Module Validation Program (CMVP) is jointly administered by the Computer Security Division of the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) of Canada.

Fortress Technologies, Inc. has been, and remains, a strong advocate of FIPS 140 validation since its inception, obtaining one of the first validations (Certificate #33) in 1997, and continuing a successful and continuous history of product validations on every version of encryption product it has developed. During 2002, Fortress achieved FIPS validation of the first product to secure wireless communications at Layer –2 of the OSI ‘stack’.

It is the Fortress position that FIPS validation assures not only that its encryption products are developed to the highest government standards for military and civilian use, but also enables our customer to ensure, through independent means, that the encryption used within their security architectures are sound. While arduous, we believe the FIPS 140 validation program represents the most effective means of providing the best security products to the communications security customer, whether in the government or private sectors.