Thales News Release

Thales Announces Support For And Compliance With NIST SP 800-131A

February 15, 2011

Thales's Industry Leading Hardware Security Modules Support Latest Best Practice Recommendations For Longer Key Lengths

Thales , leader in information systems and communications security, announces that its range of hardware security modules (HSMs) fully supports the recently issued best practice recommendations for the use of cryptographic algorithms and key lengths as specified by the National Institute of Standards and Technology (NIST) SP 800-131A.

In response to the ever changing security landscape NIST has issued new guidance on the use of cryptography to ensure the privacy and integrity of sensitive information and messages. The updated recommendations define the algorithms and key lengths that are permitted for sensitive but unclassified Federal data and provide guidance on the longevity of the security offered by these schemes based on their best estimate of prevailing technology. Most importantly, the guidance warns against the continued use of certain algorithms and key lengths and encourages users to transition their applications over time to use stronger cryptographic keys and more secure algorithms, raising the security bar for would-be cyber criminals. Although these recommendations are only mandatory for US Government data - they serve to define the best practices for protecting commercial data worldwide.

Thales HSMs support the new NIST recommendations enabling users to fully comply with the new guidelines. Thales HSMs support the widest range of algorithms and key sizes and very importantly, are optimized to ensure that the performance impact of transitioning to use longer and therefore stronger keys has been minimized. HSMs have long been accepted as an industry best practice for protecting encryption keys because they overcome the inherent security weaknesses of managing and using keys in software.

“Thales has long championed the use of hardware protection for keys and the use of longer, more secure keys in business critical applications, and we are pleased that these best practices are becoming more widely recognised,” says Franck Greverie, Thales Vice President in charge of Information Technology Security activities. “Support for NIST SP 800-131A not only gives our customers the ability to adopt the best possible security practices in terms of key length but also minimizes the performance penalties that have traditionally accompanied the use of longer keys. This is another example of Thales meeting and exceeding industry and government recommendations to give our customers confidence that their investment in hardware-enforced security will be protected as technology, regulation and best practice continue to evolve.”

NIST, which is part of the U.S. Department of Commerce, is responsible for developing standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets for use by federal agencies. While the NIST recommendations are designed for federal agencies, they are generally accepted as standards to be adopted by non-governmental organizations worldwide.

Visit our digital media centre for industry issues and comment.