US Army Standardizing on Tumbleweed PKI Validation Solution for Secure Messaging and Cryptographic Log-on
January 30 2006 - 9:00AM
Business Wire
Army Accelerating PKI Implementation to Meet New DoD-Wide Mandate
Requiring 100 Percent Smart Card Log-On Authentication by July 31,
2006 Tumbleweed(R) Communications Corp. (NASDAQ:TMWD), a leading
provider of email security, managed file transfer, and identity
validation appliance and software products, today announced that
the United States Army has contracted with TKCIS, an Alaskan Native
8(a) corporation, to procure the Tumbleweed Validation
Authority(TM) (VA) in support of the Army's efforts to achieve
enterprise-wide public key infrastructure (PKI) validation for
smart card log-on and secure messaging. Tumbleweed VA is based on
the open standard Online Certificate Status Protocol (OCSP, RFC
2560), and is already the most widely deployed PKI validation
solution in the U.S. Department of Defense (DoD). Designed to
validate the status of digital certificates in real time,
Tumbleweed VA ensures that revoked credentials cannot be used for
secure email, smart card login, web access, wireless, VPN, or other
electronic transactions. The Army began accelerating deployment of
Tumbleweed VA earlier this month in response to a new DoD-wide
mandate requiring all military services and agencies to implement
PKI and 100 percent use of smart card cryptographic log-on to the
Non-Classified IP Router Network by July 31, 2006. The mandate also
requires implementation of public key enabling for user
authentication, digital signatures, and encryption on all desktops,
servers, and laptops. The Joint Task Force-Global Network
Operations (JTF-GNO) accelerated the PKI implementation schedule in
response to an increasing number of attacks and attempts to steal
U.S. military secrets and slow network operations. The use of VA
for enabling smart card cryptographic log-on also meets other
directives on identity protection, including Homeland Security
Presidential Directive 12 (HSPD 12). "This award supports the
Army's goal to leverage the existing investment in its public key
infrastructure, and to realize the Tumbleweed VA's potential as an
enabling technology for protecting critical information
infrastructures and assuring the integrity of communications," said
Ann Smith, Tumbleweed's Vice President, Federal Sales. "Once VA is
fully deployed, more than 800,000 Army personnel will be able to
use their Common Access Cards (CAC) in compliance with the new DoD
mandate to access department networks, communicate via e-mail, and
conduct other transactions with a substantially greater level of
assurance." Under its PKI initiative, the DoD has issued almost
five million digital certificates to military personnel and
civilian contractors. This digital certificate, stored on a CAC or
"smart" card, includes the user's name, organization, and other
identification information. The smart card is used to secure
mission-critical applications such as email, web server access,
network access, and system login. As part of the DoD's "Defense In
Depth" strategy, all DoD senders must digitally sign email messages
using their smart card. Like any physical credential, however,
digital certificates must be validated at time of use to ensure the
certificate is not revoked or expired. In particular, DoD
organizations must validate the status of the digital certificate
stored on the smart card when used to sign an email message or
perform any trusted transaction. To align operations with the DoD's
PKI and Defense In Depth initiatives, the Army decided to
standardize on Tumbleweed VA, concluding that the product satisfies
its requirements for a cost-effective solution that provides
capabilities to speed the real-time validation of digital
certificates, ensure secure communications, and to support the
system-wide use of smart cards for cryptographic access to desktop,
server, and network resources. Performing cryptographic logon via
smart card will eliminate the need for individuals to use multiple
passwords for accessing network systems. In addition to supporting
the Army's PKI initiatives, the contract award to TKCIS will help
the Army expand its efforts to increase the percentage of
government contracts awarded to Native American and tribally-owned
small businesses. Partnering with Tumbleweed will enable TKCIS to
expand the depth and breadth of the solutions and expertise the
company can offer. TKCIS' Senior Vice President, GSA & Systems
Integration Division, Joel Lipkin, notes that "as an IT solutions
and services provider, you must have the ability to offer
industry-leading components to drive real growth and satisfy
customer requirements. Partnering on this contract with Tumbleweed,
clearly a market leader in email security, file transfer security,
and identity validation solutions, provides us with a greater
business development platform for driving growth in the solutions
as well as the services components of our operations." About
Tumbleweed Validation Authority Tumbleweed Validation Authority
(VA) ensures the validity and integrity of highly valued and
trusted transactions. Validation Authority is a Certificate
Authority (CA) neutral, extensible server that utilizes multiple
validation protocols for checking the validity of X.509
certificates within Public Key Infrastructure (PKI) environments.
Validation Authority delivers a comprehensive, scalable, and
reliable framework for validating digital certificates in real
time, and can validate a certificate issued by any CA. It complies
with Federal Information Protection Standard (FIPS) 140-l, DOD
Joint Interoperability Testing Command, and Identrus standards.
Additionally, Validation Authority is completing Common Criteria
(ISO/IEC 15408) Evaluation Assurance Level (EAL-3) certification by
the National Information Assurance Partnership (NIAP), a
collaboration between the National Institute of Standards and
Technology (NIST) and the National Security Agency (NSA).
Tumbleweed VA is the first fully open standards product to enable
digital certificate status validation in large scale distributed
computing environments through the introduction of a new
Repeater-Responder architecture, a significant innovation in
digital certificate validation and PKI. A Repeater is an OCSP
caching server which can be pre-loaded with OCSP responses
generated by a Responder, as well as dynamically build up an OCSP
response cache by acting as a proxy for client requests to a
Responder. The product's flexible architecture improves
performance, security, fault-tolerance, and overall robustness of
PKI. Since Repeaters and Responders do not need to be in the same
administrative domain, Responders (and their associated private
keys) can be further secured via a firewall or air gap.
Additionally, since Repeaters do not need to perform any digital
signing operations, they enable organizations to scale their
digital certificate validation infrastructures without incurring
the additional cost of hardware signing modules. SAFE HARBOR
STATEMENT Tumbleweed cautions that forward-looking statements
contained in this press release are based on current plans and
expectations, and that a number of factors could cause the actual
results to differ materially from the guidance given at this time.
These factors are described in the Safe Harbor statement below.
Except for the historical information contained herein, the matters
discussed in this press release may constitute forward-looking
statements that involve risks and uncertainties that could cause
actual results to differ materially from those projected,
particularly with respect to the deployment of Tumbleweed
Validation Authority by the U.S. Department of Defense, as well as
the performance and functionality of Tumbleweed's products. In some
cases, forward-looking statements can be identified by terminology
such as "may," "will," "should," "potential," "continue,"
"expects," "anticipates," "intends," "plans," "believes,"
"estimates," and similar expressions. For further cautions about
the risks of investing in Tumbleweed, we refer you to the documents
Tumbleweed files from time to time with the Securities and Exchange
Commission, particularly Tumbleweed's Form 10-K filed March 16,
2005 and Form 10-Q filed November 2, 2005. Tumbleweed assumes no
obligation to update information contained in this press release,
including for example its guidance regarding its future
performance, which represents Tumbleweed's expectations only as of
the date of this release and should not be viewed as a statement
about Tumbleweed's expectations after such date. Although this
release may remain available on Tumbleweed's website or elsewhere,
its continued availability does not indicate that Tumbleweed is
reaffirming or confirming any of the information contained herein.
About TKC Integration Services, LLC TKC Integration Services
(TKCIS) is a small disadvantaged business, an SBA-certified 8(a)
Corporation, a tribally-owned Native American Corporation, and an
Alaskan Native Corporation with an extensive track record in
delivering a wide spectrum of technology solutions for the Federal
government. TKCIS is 100% owned by TKC Management Services Company
(TKCMS), a holding company charged with growing companies that
generate income to be distributed to over 13,000 Native American
shareholders. Known for phenomenal service and exceptional accuracy
in client delivery, the TKC companies currently provide over
$140,000,000 in services to federal and commercial customers, with
core expertise in telecommunications, information technology,
product development, major program management, construction
management, facility operations, and operations support. For more
information on TKCIS, go to www.tkcis.com. Additional information
on TKCMS and its subsidiaries is available at www.tkcms.com. About
Tumbleweed Communications Corp. Tumbleweed provides security
solutions for email protection, file transfers, and identity
validation that allow organizations to safely conduct business over
the Internet. Tumbleweed offers these solutions in three
comprehensive product suites: MailGate(R), SecureTransport(TM), and
Validation Authority(TM). MailGate provides protection against
spam, viruses, and attacks, and enables policy-based message
filtering, encryption, and routing. SecureTransport enables
business to safely exchange large files and transactions without
proprietary software. Validation Authority is the world-leading
solution for determining the validity of digital certificates.
Tumbleweed's enterprise and government customers include ABN Amro,
Bank of America Securities, Catholic Healthcare West, JP Morgan
Chase & Co., The Regence Group (Blue Cross/Blue Shield), St.
Luke's Episcopal Healthcare System, the U.S. Food and Drug
Administration, the U.S. Department of Defense, and all four
branches of the U.S. Armed Forces. Tumbleweed was founded in 1993
and is headquartered in Redwood City, Calif. For additional
information about Tumbleweed go to www.tumbleweed.com or call
650-216-2000. Tumbleweed, MailGate, SecureTransport and Validation
Authority are either registered trademarks or trademarks of
Tumbleweed Communications Corp. in the United States and/or other
countries. All other trademarks are the property of their
respective owners.
Tumbleweed Communications Corp (MM) (NASDAQ:TMWD)
Historical Stock Chart
From Jun 2024 to Jul 2024
Tumbleweed Communications Corp (MM) (NASDAQ:TMWD)
Historical Stock Chart
From Jul 2023 to Jul 2024