atsec information security corporation Designated Interim Personal Identity Verification Program Test Facility

Austin, Texas – November 7, 2005 – atsec information security corporation was designated an interim Personal Identity Verification Program (NPIVP) test facility by the National Institute of Standards and Technology (NIST), the non-regulatory federal agency that develops technologies, measurement methods, and standards that help U.S. companies compete in the global marketplace.

atsec is now qualified to test PIV middleware and PIV card application conformance tests in accordance with NIST SP 800-85, as required by Federal Information Processing Standards (FIPS) 201. NIST SP 800-85 are guidelines for testing PIV middleware and card applications. PIV testing is particularly important due to the Homeland Security Presidential Directive (HSPD) 12. In August 2004, the directive established requirements for identification and authentication of federal employees and contractors accessing federal facilities and information systems.

“atsec is extremely pleased that our recent accreditation as a cryptographic module testing lab for FIPS 140-2 testing by NVLAP has now been augmented by our interim designation as a PIV testing lab for FIPS 201 testing,” said Fiona Pattinson, cryptographic module testing lab manager at atsec. “Early designation as an interim NPIVP test facility offers atsec the opportunity to grow our services with the maturing FIPS 201 standard.”

FIPS 201: Personal Identity Verification of Federal Employees and Contractors was developed to satisfy the requirements of HSPD 12 and draws from the efforts developed as a result of the Department of Defense Common Access Card program. FIPS 201 establishes requirements for interface and data elements, acquisition and formatting of biometric data, and acceptable cryptographic algorithms and key sizes for PIV cards and systems. As a result of the directive and publication of the standard, executive departments and agencies are required to implement the standard for identification issued to federal employees and contractors in gaining physical access to controlled facilities and logical access to controlled information systems.

atsec is an accredited laboratory (Lab code 200658) under the National Voluntary Laboratory Accreditation Program (NVLAP) for cryptographic module testing and for Common Criteria testing.

About atsec information security

atsec information security is an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec launched its U.S. business in May 2003, building on extensive success in Europe dating back to 2000. atsec leverages its deep security, process, and standards expertise to consult on a wide range of IT security needs, enabling clients to establish integrated security management procedures in order to manage security risk and improve data, product, and business process reliability. atsec works with leading global companies such as IBM, HP, Audi, Philips, Siemens, Sony Ericsson, and Vodafone. For more information, please visit www.atsec.com.