Keyfactor Announces NIST FIPS 140-3 Certification for Bouncy Castle
2024年7月31日 - 10:00PM
ビジネスワイヤ(英語)
New certification enables supported Keyfactor
customers to bring new and updated applications to market faster as
post-quantum algorithms draw near
Keyfactor, the identity-first security solution for modern
enterprises, today announced that the Bouncy Castle Java APIs for
Java 8, 11, 17, and 21, one of the most widely used open-source
cryptographic APIs, has received Federal Information Processing
Standards (FIPS) 140-3 certification from the U.S. National
Institute of Standards and Technology (NIST). As a sponsor of the
Legion of the Bouncy Castle, the charitable organization behind
Bouncy Castle, Keyfactor enables continued development and FIPS
certification for the popular APIs.
FIPS 140-3 is the latest standard for validating the
effectiveness of cryptographic hardware and software from the NIST
and will provide the foundation for the next round of cryptographic
standards, particularly those dealing with post-quantum
cryptography. As both government and industry place a growing
emphasis on the need for quantum readiness, recognition of the
Bouncy Castle module achieving FIPS 140-3 certification positions
it to move quickly to post-quantum encryption algorithms as new
standards become available. This better allows Bouncy Castle to
support its users through the coming changes that the move to
quantum readiness will require.
The Bouncy Castle APIs allow organizations to implement and
maintain robust security into their applications, including
encryption, authentication, and the use of digital signatures.
Keyfactor offers customers expert support services for Bouncy
Castle, delivered directly from its creators and developers.
Customers are also provided with early access to the latest
releases and pre-certified FIPS modules, access to the full FIPS
test suite, and the ability to do private label validations for
situations where they need a certificate in their own name.
“Bouncy Castle has been key to our FIPS and FedRAMP strategy for
hundreds of micro-services,” said Max Bern, Software Architect,
Atlassian. “Having direct access to early certified modules and
support has allowed us to rapidly rollout FIPS and prepare all
required changes including performance testing and battle testing
the modules prior to certification."
With this certification, all applications developed by
organizations leveraging Bouncy Castle APIs will be using a module
tested and formally validated by the U.S. government for FIPS
140-3. Keyfactor’s Bouncy Castle support customers who have been
developing or updating their applications under the early access
program while the module was still in submission can release them
onto the market immediately, rather than having to begin the
testing and development process now a general access release of the
FIPS module is available.
An additional advantage of the FIPS 140-3 certification is that
the five-year sunset period for FIPS 140-2 certificates comes to an
end in 2024, meaning organizations that have been able move to
Bouncy Castle’s FIPS 140-3 module will be able to continue
delivering new products to their customers that require FIPS, such
as the U.S. government.
“FIPS certification represents one of the pinnacles for
implementation quality assurance in cyber security,” said David
Hook, co-founder and lead developer for the Legion of the Bouncy
Castle cryptography project and Head of Cryptography Software
Engineering, Crypto Workshop by Keyfactor. “Thanks to the efforts
of our lab, Acumen Security, and the support from Keyfactor, we are
delighted to have finally been certified to the FIPS 140-3
standard.”
To learn more about Keyfactor’s support options for Bouncy
Castle APIs, visit
https://www.keyfactor.com/open-source/bouncy-castle-support/.
About Keyfactor Keyfactor brings digital trust to the
hyper-connected world with identity-first security for every
machine and human. By simplifying PKI, automating certificate
lifecycle management, and securing every device, workload, and
thing, Keyfactor helps organizations move fast to establish digital
trust at scale — and then maintain it. In a zero-trust world, every
machine needs an identity and every identity must be managed. For
more, visit keyfactor.com or follow @keyfactor.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20240731211207/en/
PR: Katie Leonowitz fama PR for Keyfactor
keyfactor@famapr.com