Important News:SafeLogic's CryptoComply Achieves FIPS 140-3 Validation for 28 OEs and Receives Certificate #4781! Read the blog post!
The SafeLogic Blog
Tackling the Federal Procurement Conundrum
December 3, 2015 •Walt Paley
Lt. Col. Scott Trail had a great editorial in National Defense magazine that I read recently. It was titled 'How to Unlock Innovation at the Defense Department'. Coming from a Defense and Aerospace Acquisition Team Lead, this was an interesting topic to be sure.
Trail delivered, as he didn’t pull any punches. He emphasized the need for speed and the real urgency of accelerating the schedule for procurement and deployment, lest we fall [arguably further] behind our global rivals. In fact, he asserts an opinion that we are spending too much time trying to make drastic improvements and we need to take a more agile approach. Deploy and revise on a much shorter lifecycle, he says. "Speed should be considered as a strategic enabler over fielding full capacity in a single step." While Trail uses helicopters and amphibious transports as the examples from his area of expertise, the concept extends to smaller technology and definitely applies to software.In our sphere, we see engineering teams that are so accustomed to the legacy FIPS 140-2 process that they automatically peg it for a future release barely on the horizon. They expect hundreds of man-hours and months of aggravation. They figure that since it used to take a year to a year-and-a-half, nothing that they build during that waiting period really matters for federal procurement. As a result, we get federal-specific software releases that are obsolete before they even get a SKU assigned, because the supported platforms are so old. Why? Because those were the relevant operating environments when the FIPS effort began.
Bottom line – it’s all too often that the software offered to the public sector is either old or non-compliant. What a conundrum! The product is updated for private use – quickly, frequently and effectively – but hasn’t received the proper testing for federal deployment. Unhelpful. The product earmarked for government has been updated, but slowly, sporadically and it’s frankly irrelevant by the time it has been revved. This is not competitive and it doesn’t help anyone!
Every production version of your solution should be ready for federal procurement. That’s our philosophy. You should be able to move at the speed of business, not on a timeline set by testing labs and consultants. The company that will win is the one that is able to sell their current product [yes, the one that marketing has described as “bleeding edge” and “next gen”] in real-time to federal, in full compliance with procurement requirements on the actual operating environments that are being used. We will be in 2016 in the blink of an eye. The fact that this is still being regarded as the stuff of sci-fi is just sad. We can do it today.
I’m not saying that SafeLogic is saving America… but I am saying that faster FIPS 140-2 validation yields faster product iterations, faster acquisitions and faster deployments. Soldiers and bureaucrats have the same appetite for current technology. Let’s give it to them as soon as possible. THAT is what will benefit our nation… and your revenue numbers.
Contact us for information on our lightning fast RapidCert FIPS 140-2 validations and how we can keep your certificate perpetually updated. We're ready.
Walt Paley
Walter Paley is the VP of Communications for SafeLogic. He is responsible for strategy, content, marketing, and outreach. Walt has worked with a series of start-ups and companies in growth stages, including Nukona (acquired by Symantec), Qubole, Bitzer Mobile (acquired by Oracle), and TigerText, among others. An Alumnus of the psychology program at UC San Diego, Walt lives in Southern California with his wife, kids, and their black lab, Echo.
Popular Posts
Search for posts
Tags
- FIPS 140 (111)
- FIPS validation (85)
- Encryption (70)
- cryptography (68)
- NIST (62)
- CryptoComply (60)
- SafeLogic (58)
- Industry News (54)
- cryptographic module (51)
- Conversations (49)
- CMVP (48)
- RapidCert (46)
- compliance (41)
- Ray Potter (33)
- SafeLogic News (33)
- Event (27)
- federal (27)
- CAVP (23)
- Cybersecurity (23)
- FIPS 140-3 (18)
- OpenSSL (16)
- government (14)
- FedRAMP (13)
- CryptoCompact (12)
- Cryptology (12)
- DoD (12)
- RSA (12)
- healthcare (12)
- partners (12)
- NSA (11)
- post-quantum cryptography (11)
- Cloud (9)
- PQC (9)
- security (9)
- CMMC (8)
- Suite B (8)
- testing (8)
- whitepaper (8)
- Approved Products List (APL) (6)
- HITECH (6)
- ICMC (6)
- lab (6)
- CEO (5)
- NIST 800-171 (5)
- NIST 800-53 (5)
- OpenSSL 3.0 (5)
- iOS (5)
- procurement (5)
- C3PAO (4)
- Common Criteria (4)
- HITECH Act (4)
- deadline (4)
- encrypt (4)
- innovation (4)
- procure (4)
- public sector (4)
- Air Force (3)
- BSAFE (3)
- DFARS (3)
- HIPAA Safe Harbor (3)
- HITECH Safe Harbor (3)
- OpenSSL 1.1.1 (3)
- OpenSSL 3.x (3)
- POA&M (3)
- TLS 1.3 (3)
- magazine (3)
- queue (3)
- transition (3)
- 3PAO (2)
- ACVP (2)
- BAA (2)
- CIO (2)
- CSP (2)
- Cyber Defense Magazine (2)
- Defense Industrial Base (2)
- HIPAA security controls (2)
- Historical Status (2)
- MFA (2)
- OpenSSL 1.0.2 (2)
- SPRS (2)
- StateRAMP (2)
- entropy (2)
- excellence (2)
- finance (2)
- founder (2)
- gold (2)
- leader (2)
- maturity (2)
- overlap (2)
- pilot (2)
- rsa conference (2)
- solution (2)
- sponsors (2)
- sunset (2)
- vendor (2)
- year (2)
- Active Status (1)
- Alliance for Digital Innovation (1)
- Android (1)
- CIO Prime Views (1)
- DHS (1)
- DIU (1)
- DIUx (1)
- DOJ (1)
- DoDIN APL (1)
- Entropy Source Validation (1)
- FCA (1)
- FIPS Compliance (1)
- FISMA (1)
- GSA (1)
- HITRUST (1)
- Matt Cornelius (1)
- Matthew Cornelius (1)
- Maturity Model (1)
- NCCoE (1)
- OMB (1)
- SLED (1)
- SP800-131A (1)
- SP800-90A (1)
- TLS 1.1 (1)
- background (1)
- best (1)
- co-founder (1)
- codies (1)
- congress (1)
- cybertech (1)
- education (1)
- elliptic curve cryptography (1)
- extended (1)
- faq (1)
- fintech (1)
- fiscal (1)
- fiscal year (1)
- fraud (1)
- globee (1)
- hill (1)
- interview (1)
- kratos (1)
- libgcrypt (1)
- national cybersecurity strategy (1)
- opportunities (1)
- parallel (1)
- profile (1)
- public (1)
- representatives (1)
- reseller (1)
- senate (1)
- senators (1)
- simplify (1)
- state (1)
- stealth mode (1)
- story (1)
- terminology (1)
- trophy (1)
- whistleblower (1)
- whistleblowing (1)