Keeping Secrets

privacy       2001-06-18 
Interview with Michael Jacobs, information assurance director at the NSA. " ... to make sure commercial tools pass muster in terms of security, the NSA runs them through new software-testing programs. These programs, the Common Criteria Evaluation and Validation Scheme and the Cryptographic Module Validation Program, are part of the agency's National Information Assurance Partnership, a joint effort with the National Institute of Standards and Technology (, IT product vendors and users. Products must pass rigorous testing before earning a Common Criteria security rating. The ratings were developed to help the Fort Meade, Md.-based NSA, but they're also available to private-sector users. And because testing standards are international, buyers of evaluated products can deploy them more easily across the globe."