CGI Federal‘s Momentum Java Cryptographic Module has been granted a Federal Information Processing Standards certification, which validates the software’s capability to protect classified federal data.
The certification was issued following a comprehensive security assessment performed by SafeLogic, an accredited third party lab, the Fairfax, Virginia-based company announced on Wednesday.
John Owens, senior vice president and Enterprise Solutions Group head at CGI Federal, emphasized the intensity of the evaluation used to certify the module.
“The rigorous certification process, which includes an independent lab test that searches for flaws in the software, provides added, tested security that ensures our enterprise resource planning solution meets modern security threats, whether data is active or at rest,” he stated.
The Java Cryptographic Module enables CGI’s Momentum product suite to implement numerous cryptographic algorithms including Suite B algorithms, which are used by the National Security Agency to safeguard both classified and unclassified national security systems and information.
Services provided by the module include data at rest encryption, data in transit encryption, PKI key management, digital signature generation and other cryptography processes.
Saidul Islam, CGI Federal’s director of Momentum and product security, highlighted the importance of strong cryptography in implementing zero trust architecture.
“The use of a validated crypto module in the Momentum product suite helps our customers as they go through their ZTA journeys in line with federal mandates,” said the director.
Time constraints for the implementation of zero trust architecture were issued in a May 2021 executive order, requiring federal civilian executive branch agencies to have established zero trust safety measures by the end of September 2024.
Standards organizations must meet to fully establish zero trust focus on the constant monitoring of data access, multi-factor authentication and the modernization of encryption methods.
The Java Cryptographic Module’s certification follows the company’s previous FIPS validation for its Momentum C++ Cryptography Module and runs through April 2024.