A Golden Age in Federal Technology Procurement

Originally posted in its entirety at AFCEA's Signal Magazine.

The National Institute of Standards and Technology's (NIST) benchmark for encryption modules has seen recent innovation, opening the playing field for competition.

For years, NIST’s Federal Information Processing Standards (FIPS) 140-2 validation list read like a Who’s Who of Fortune 100 technology vendors. Only those products that leverage cryptographic modules shown on the list were eligible for federal agency deployment. Until recent changes, only the deepest pockets could absorb the costs of development, testing and expensive consultants to facilitate introducing solutions into the federal marketplace.

Soft costs for FIPS 140-2 validation efforts added up as well, with significant hours required from engineering teams. The result? A huge barrier to entry, effectively blocking any technology company outside of the elite (or rich) from participating in the lucrative federal cybersecurity market. It built a phenomenal feedback loop for those big enough to enjoy it. It was fantastic for the vendors on the inside, but terrible for agencies severely limited in their available options for deployment.

Keep reading at AFCEA's Signal Magazine!

Ray Potter

Ray Potter is the Founder of SafeLogic, which was spun off from his previous venture, the Apex Assurance Group consulting firm. He brings over 20 years of security and compliance experience, including leading teams at Cisco and Ernst & Young, to the operations team at SafeLogic. Ray loves playing guitar and flying airplanes.

FIPS validation• innovation• guest blog• history• federal acquisition• FIPS 140-3• guest• Ray Potter• AFCEA• government• FIPS 140• procure• procurement• RapidCert• federal procurement• editorial• deploy• military• federal

Back to posts

The SafeLogic Blog