atsec information security Accredited to Perform TWIC Reader Evaluations
atsec information security is now an accredited testing lab for TWIC card readers and accredited to test TWIC readers against the requirements set forth by the TWIC Reader Evaluation Program. This adds to atsec's range of testing capabilities such as FIPS 140-2, Cryptographic Algorithm Testing, Security Content Automation Protocol, NIST's Personal Identity Verification Program and the GSA Personal Identity Verification Evaluation (FIPS 201).
Port security has long been a focus of US anti-terror activities. Several federal agencies (Coast Guard, U.S. Customs and Border Protection, and the Transportation Security Administration (TSA)), as well as local and state authorities are tasked with port security and most of their focus is on cargo, crew and passenger inspection. Container shipping involves many different actors: the exporter, the importer, freight forwarder, customs broker, excise inspectors, truckers, railroad workers, dock workers, and the crews of the vessels themselves and thereby offers a tempting target for infiltration by terrorists or criminals.
One approach to strengthen this aspect of port security is the TWIC (Transportation Worker Identification Credential) program. The TWIC program provides a tamper-resistant biometric credential to maritime workers that need unescorted access to secure areas of port facilities and ships regulated under the Maritime Transportation Security Act of 2002.
With over 2.1 million TWICs in the field the Transportation Security Administration (TSA) has launched a program to qualify card reader conformance to the TWIC Reader Hardware and Card Application Specification (dated May 2008). Readers determined to be conformant to TSA TWIC Reader requirements will be placed on a Qualified Technology List (QTL) maintained and made available to the public by TSA. QTL qualification requirements vary by reader type and claimed features of the vendor. All functional reader testing for the new QTL program will be performed by a National Voluntary Laboratory Accreditation Program (NVLAP) accredited laboratory. Reader conformance with TWIC environmental specifications, such as temperature range, humidity, shock and vibration, will require the vendor to supply to TSA certificates of conformance for all mandatory environmental requirements and any additional environmental qualifications.
About atsec information security
atsec information security is an independent, standards-based information technology security services company with offices in the U.S., Germany, Sweden, and China. atsec's services include formal laboratory testing and evaluation of information assurance (IA) and IA-enabled commercial off the shelf (COTS) information technology, as well as information security consultancy. atsec offers evaluation and testing services leading to formal certification of information security technology, including evaluations under Common Criteria schemes in the U.S., Germany, and Sweden. In addition, the atsec U.S. organization operates a Cryptographic and Security Testing Laboratory accredited under the Cryptographic Module Validation and the Cryptographic Algorithm Validation Programs of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada for validating cryptographic modules under the FIPS 140-2 standard. atsec works with any company, regardless of size or locale, that is serious about IT security.
atsec information security
Andreas Fabis, 512-615-7317