Understanding the Impact of TAA & FIPS Compliance on Your Security Posture
Originally published in Medium, October 7, 2020
Enhanced data security has become an absolute necessity for corporations, government agencies, and contractors alike.
Former NSA Director Keith Alexander has assessed the financial value of cyber espionage losses at about $338 billion a year. With recent breaches in both the pharmaceutical and aerospace sectors, understanding nuanced vendor differences in your technology supply chain now matters at every level of an organization’s infrastructure.
The list of breaches is long, and reads like a “who’s who” of modern industry. In 2014, Boeing’s systems were compromised and information about United States military aircraft and weapons was stolen. This year the U.S. government issued a stark and unusual warning that efforts to hack health care and pharmaceutical companies pose a “significant threat” to the nation’s response to the coronavirus pandemic.
TAA and FIPS compliance help to address this at every step in an organization’s technology supply chain, reducing risk and fulfilling Federal security standards. Furthermore, TAA ensures that end products are produced or undergo “substantial transformation” within the United States or a designated country.
This is especially important for suppliers having a GSA Schedule or other US Government contract, such as DOD and IDIQs, as they must ensure their products comply with TAA. Noncompliance can result in bid award cancellation, significant fines and future exclusion from Federal contracting. New FAR Final Rules issued in January 2017 further tightened acquisition rules.
FIPS 140-2 (Federal Information Processing Standard, version 2) is part of a host of US Government computer security standards used to approve cryptographic modules and their use within IT systems.
It applies to any product that might store or transmit sensitive data, including link encryptors, hard drives, SSDs or other removable storage media. FIPS 140-2 ensures that products make use of sound security practices, including approved, strong encryption algorithms and methods. It also specifies how individuals or processes are authorized to use the product, and how modules or components interact with other systems.
Broadbridge Networks is a trusted pioneer in the world of modern data security. We treat our responsibility for securing corporate and government entities and contractors as core to our mission. As such, we provide highly secure, extreme performance solutions that demonstrate the best possible value in the marketplace. Armed with TAA and FIPS 140-2 compliant encryption solutions like the Legion Encryptor, customers can be confident in their adherence to strict compliance mandates, while adding essential protection to their most valuable data.