Important News:CryptoComply FIPS 140-3 Early Access Program is now open. Learn more!

The SafeLogic Blog

Let's talk about Suite B

May 21, 2013 Ray Potter

I'm asked about Suite B at least once per week.  The questions usually come from customers and end users (non-Federal, mainly healthcare, actually).  So let's talk about what Suite B really is, and how it pertains to federal and private sector enterprises.

Suite B is the designation for the collection of commercial algorithms deemed acceptable by the NSA for processing data in classified environments.  Suite A is also a collection of algorithms used to protect information in a classified environment, but unlike Suite B, the algorithms themselves are classified in Suite A.  So don't expect any future blog posts discussing those!

The Suite B algorithms are as follows:

In the words of SafeLogic's technical advisor Whit Diffie, “The importance of validating cryptographic implementation is second to nothing in information security.”  Implementations should be validated in accordance with the National Security Telecommunications and Information Systems Security Policy (NSTISSP) No. 11, Revised Fact Sheet National Information Assurance Acquisition Policy, the details of which are highlighted.

nstissp11

Beyond the mechanisms specified in NSTISSP No. 11, there are no third-party certification programs for Suite B compliance.  Currently, the only affirmation of compliance comes from the vendor themselves... something to keep in mind when evaluating a crypto solution.

About Suite B and FIPS 140

Suite B and FIPS 140 are complementary but completely different programs.  FIPS 140 is the technical standard that specifies requirements for cryptographic modules (self tests, integrity checks, key management, etc.).  Suite B is the collection of non-classified algorithms deemed acceptable for use in classified environments/applications.  Suite B does not imply FIPS 140 conformance, just as FIPS 140 doesn't imply Suite B conformance.  Suite B algorithms are included among those approved by NIST for use in FIPS 140, but there are others available as well.

Ray, What's the Point?

My point is simply this: by electing to use Suite B algorithms, you are assured of the highest level of encryption.  They are approved for use  in FIPS 140 validated solutions, which in turn makes them suitable for FISMA and other standards.  There is no scenario in enterprise or consumer usage in which Suite B algorithms are not appropriate.James Bond

My mother used to tell me that it was always better to be overdressed than underdressed.  While James Bond's tuxedo wasn't ideal for chasing down bad guys with machine guns, Rambo would never have made it past the door of the diplomatic cocktail party that 007 blended right into.

Suite B is Bond's tuxedo - timeless, classic, and it will get you wherever you need to go.  When implemented with proper key management and other controls, these algorithms have been chosen to protect your information better than any other commercially available option out there.

Ray Potter

Ray Potter

Ray Potter is the Founder of SafeLogic, which was spun off from his previous venture, the Apex Assurance Group consulting firm. He brings over 20 years of security and compliance experience, including leading teams at Cisco and Ernst & Young, to the operations team at SafeLogic. Ray loves playing guitar and flying airplanes.

Share This:

Back to posts

Popular Posts

Search for posts

Tags

See all