AirFortress Gets Government Certification

By Eric Griffith

July 15, 2002

Fortress Technology, provider of wireless security to the United States Army, is official -- its AirFortress product now has the test-based FIPS 140-1 cryptography certification.

The Army has been testing out Tampa, FL-based Fortress Technologies' AirFortress for a while now, but as of this week, the product finally meets the government standards for cryptography of non-classified information. AirFortress is now FIPS 140-1 certified.

FIPS is short for Federal Information Processing Standards; the 140-1 cryptographic standard was created by the National Institute of Standards and Technology (NIST). The standard has four levels of security - Level 1, Level 2, Level 3, and Level 4 -- that increase in quality as they go up. They are suitable for a wide array of areas in which cryptographic modules could be used.

Companies that need FIPS certification contract with outside labs that are partners with the federal government. The labs, which go through some rigorous accreditation by the government, perform tests to see if products and services meet the FIPS requirements.

"[FIPS certification] allows the government to put on their stamp of approval," says Shawn Hughes, President and CEO of Fortress Technologies. "To sell secure solutions to the federal government, it has to have FIPS approval, especially post 9-11."

Even before testing and certification was done, the Army had committed to purchasing thousands of Wireless Security Gateways ($1,995 commercially). Fortress expects to deploy 2,000 gateways and eventually have 85,000 users in the Army. The government had confidence in Fortress that certification would happen, since the company has been through FIPS tests before. However, Hughes noted, had AirFortress not received FIPS certification, the entire deployment would have ended right there.

With FIPS certification complete, Fortress looks forward to developing relations ships with other branches of the Armed Services and the federal government.

"We expect as much as half our business to be from the government and military this year," says Hughes, but he feels the certification is also a "really strong validation for commercial customers looking for authentication. While not all can make sure it works, the government did it for them."

The gateways, together with clients and the free access control server software, help form the complete AirFortress security solution, which uses Layer 2 Wireless Link Layer Security (wLLS) to compress -- which increases throughput -- and 128-bit AES (Advanced Encryption Standard) to encrypt all wireless data.

The Army, however, is not using the full AirFortress setup: "The solution they're using is only the gateways to secure communications coming in," says Hughes.

The Army is rolling out AirFortress gateways within its Combat Service Support Automated Information System Interface (CAISI) Project, which tracks field supplies, weapons and vehicles, as well as their maintenance. The project almost went live last year but the Army stopped all use of 802.11b wireless LANs when security issues when using wired equivalent privacy (WEP) encryption in 802.11b networks were revealed.



Comment and Contribute
(Maximum characters: 1200). You have
characters left.