03/10/2004

Forum Systems, a provider of trust management and threat protection Web services security solutions, unveiled what it says is “the first Federal Information Assurance Gateway (FIA) for government agencies that is DoD PKI certified.”

“Following strict compliance testing of the Forum Sentry and requirements defined by Joint Interoperability Test Command –Department of Defense (JITC DoD-PKI),” Forum says, “the Forum Systems FIA Gateway (SentryT 1504G) has passed 100 percent of DoD's PKI security and interoperability tests and is currently being deployed by government agencies for secure information sharing and collaboration.

“Forum Systems FIA Gateway is an integrated security solution that provides threat protection and trust management - the two critical components necessary for information assurance and exchange, while also ensuring that all e-government mandates are being achieved including the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach Bliley, Sarbanes Oxley and others.”

"We recognize the value of providing our customers with the most advanced security capabilities no matter how rigorous the testing process," said Mamoon Yunus, chief technology officer of Forum Systems. "It's imperative that our solutions are interoperable with customers' existing infrastructure for a seamless and thorough security solution," he added.

Forum asserts that its FIA Gateway “closes the content-security gap in the federal government by guarding critical content as it moves between and within federal agencies allowing automated and centrally managed security policies for information sharing and dissemination of protected content across multiple exchange points -- including email, file transfers, EDI, mobile applications and Web services. This integrated solution can be deployed as an appliance or a software solution and includes benefits such as DoD PKI Support, Hardware Key Management and FIPS (Federal Information Processing Standard) compliance to provide hardened security for a tamper-proof environment. A level II specification for private key life cycle management and secure execution of cryptographic algorithms, FIPS compliance is an essential requirement for public key-enabled U.S. & European e-Government applications.”

Capabilities of the FIA Gateway (SentryT 1504G) include, IN FORUM’S WORDS:

• DoD PKI Certification: The Forum Sentry 1504G appliance met the requirements of the "Department of Defense Class 3 Public Key Infrastructure Public Key-Enabled Application Requirements," version 1.0 13 July 2000 in the following areas: Retrieving Certificates, Importing Keys and Certificates, Storing Trust Points, Verifying Communication Protocols, Checking Certificate Status, Path Development and Processing, Application Configuration and Application Documentation.



• Integrated FIPS Compliant: The Forum Systems Appliance contains an integrated Hardware Security Module (HSM) that is FIPS 140-2 Level III validated. The HSM provides all the sensitive cryptographic operations and hardware key storage for both SSL operations as well as WS-Security operations.



• Digital Signatures - Digital Signatures are digital codes that can be attached to an electronic transmission, or document, that uniquely identify the sender. Digital signatures are essential to secure transmission of content over intranets, or over the Internet.



• Public-key Infrastructure (PKI) Enablement - PKI employs a two-step approach to protect the security of communications and business transactions on the Internet. A PKI system generates two keys for a user - one is a "private" key and the other, the "public" key, is widely published.



• Federal Enterprise Architecture (FEA) - The FEA is an initiative of the federal government. This framework is designed to improve communication flow, and efficiency, via integration of disparate systems. It will also be able to enhance cost savings through reuse of technology and components.



• Transaction Archive - A Transaction Archive is a repository for recording the history of XML, and non-XML, transactions and storing them in an external database. Government agencies must continuously record and audit their mission-critical electronic business transactions to support regular security reviews of all programs and systems. By archiving XML transactions, and other content, it is possible to analyze security breaches, maximize operational performance, and maintain regulatory compliance.