Vigilance can report that the Department of Homeland Security Science and Technology Directorate (S&T) last week announced the validation and availability of an open-source cybersecurity tool for securing information shared across the Internet. Government agencies required to use cryptographic software validated to Federal Information Processing Standards (FIPS), will now have access to Open Secure Socket Layer (OpenSSL v2.0), a free, publicly available security software that meets federal security guidelines.
“OpenSSL is a widely-used component in many software security applications,” said Luke Berndt, DHS Program Manager for the Homeland Open Security Technology (HOST) program. The mission of the HOST program is to identify viable and sustainable open source solutions that support national cybersecurity objectives. “With this program available for government use, the nation’s critical online information will be safer while the government will find greater cost savings.”
The National Institute of Standards and Technology validated the Open SSL using the FIPS 140-2 security standard for testing cryptographic modules. This validation is required for cryptography used to protect sensitive or valuable data within the federal government. The validation process was funded by DHS S&T and other government agency and private sector partners.
“DHS S&T’s investment in the validation process for OpenSSL will help government users access the latest security software, and allow software developers to integrate OpenSSL into the products they offer to government clients,” said Berndt. “This collaborative effort is a great example of how government and industry can both benefit from the use of open source software.”