Austin, TX – February 08, 2010 - atsec information security, an accredited laboratory for the GSA FIPS 201 Evaluation Program which runs a product approval program for PIV-related products destined for the U.S. Government market, is proud to announce the successful GSA FIPS 201 evaluation of four Codebench products. Codebench is the first company with solutions evaluated for GSA product categories “Caching Status Proxy,” “PIV Authentication System,” and “CHUID Authentication System.”

Codebench’s PIVCheck Plus Desktop Edition with PIVCheck Certificate Manager, PIVCheck Plus Mobile Edition with PIVCheck Certificate Manager and PIVCheck Desktop Edition (both the SCVP Client and PIV Authentication System) were tested and evaluated in atsec's Austin, TX lab.

As a result of its evaluation, atsec has determined that Codebench’s products meet FIPS 201 requirements on behalf of GSA, who ultimately grants the approval. These products are now listed on the FIPS 201 Evaluation program Approved Product List, which only lists those products and services that are in compliance with the current version of the Standard and its supporting NIST Special Publication 800-116, which provides recommendations for the Use of PIV Credentials in Physical Access Control Systems (PACS).

“Codebench is currently the only company that has approved products in the “Caching Status Proxy,” “PIV Authentication System,” and “CHUID Authentication System” categories,” said Geri Castaldo, chief executive officer of Codebench. “By completing the evaluation process with atsec information security, Codebench has demonstrated its commitment to ensuring its solutions meet government regulations and support NIST Special Publication 800-116 and HSPD-12.”

"atsec succeeded to complete successfully three first-in-category evaluations for Codebench products,” Apostol Vassilev, Laboratory Manager for atsec’s CST lab. “In doing so, we are proud to join our client in a position of leadership in providing secure products with the appropriate level of tested assurance for these product categories as mandated by the GSA PIV Project Management Office."

The product entries are included on the GSA FIPS 201 Evaluation Program Approved Product List at http://fips201ep.cio.gov/apl.php.as:

Codebench, Inc.
PIVCheck Plus Desktop Edition with PIVCheck Certificate Manager
Category: Caching Status Proxy
Part #: PVCP-D/S-B1
SW version: 1.2
(GSA APL item # 464)

Codebench, Inc.
PIVCheck Plus Mobile Edition with PIVCheck Certificate Manager
Category: Caching Status Proxy
Part #: PVCP-M/S-B1
SW version: 1.2
(GSA APL item # 473)
The caching status proxy is a product (hardware and/or software) that polls the status of all registered PIV Cards periodically, and cache the status responses from their issuer(s). Caching status proxies are useful in scenarios that require extremely quick query-responses for certificate revocation status information or when physical access control systems need to cache certificate revocation information so as to be able to make an access control decision when on-line certificate validation is not possible.

Codebench, Inc.
PIVCheck Desktop Edition
Category: PIV Authentication System
Part #: PVC-D/S
SW version: 1.2
(GSA APL item # 466)
The PIV Authentication System product category provides the capability to perform a cryptographic challenge/response with the PIV Authentication Key stored on a PIV Card and makes an authorization decision based on the FASC-N stored on the PIV Card.

Codebench, Inc.
PIVCheck Desktop Edition
Category: CHUID Authentication System
Part #: PVC-D/S
SW version: 1.2
(GSA APL item # 468)
The CHUID Authentication System product category provides the capability to access and determine authenticity of the CHUID stored on a PIV Card and makes an authorization decision based on the CHUID elements stored on the PIV Card.

FIPS 201 (with its supporting documents) is the mandatory standard that addresses the Homeland Security Presidential Directive 12 mandate (HSPD-12). HSPD-12 mandates a government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors.

# # #

About Codebench
Codebench is a software development firm focused exclusively on physical security applications. A leading developer of software integration solutions, Codebench is a certified Women’s Business Enterprise located in Coconut Creek, Fla., and serves the Fortune 500, academic and government markets. For more information, visit www.pivcheck.com or call (561) 883-3218.

About atsec information security
atsec information security is an independent, standards-based information technology security services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich, Germany in 2000 and has extensive international operations with offices in the U.S., Germany, Sweden, and China.
atsec offers secure code review, ISO/IEC 27001 ISMS consulting, and penetration testing and scanning services as well as being a QSA and ASV.
atsec also offers evaluation and testing services leading to formal certification for IT security including evaluation under Common Criteria schemes in the U.S., Germany, and Sweden; cryptographic module and algorithm testing under the Cryptographic Module Validation Program of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada.
atsec works with such leading global companies as IBM, Apple, Microsoft, Hewlett-Packard, Oracle, Cray, BMW, SGI, Vodafone, RWE, and Wincor-Nixdorf.