NIST and CSEC Validate Cryptographic Modules under FIPS 140-2 Standard
The National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) have validated various cryptographic modules under the FIPS 140-2 standard to ensure the reliability of these modules.
Meanwhile, atsec China has achieved accreditations from the China National Accreditation Service for Conformity Assessment (CNAS) and the China Metrology Accreditation (CMA), allowing it to perform testing and produce reliable data.
Air China’s PCI Compliance Journey
Air China has successfully completed its initial compliance with the Payment Card Industry Data Security Standard (PCI DSS) for its core platform. The airline plans to extend compliance to its e-business website and call center system soon.
Atsec China played a key role in guiding Air China through the PCI implementation process. The project began with data optimization, followed by the establishment of new technical measures and business procedures. Air China combined existing standards such as ISO/IEC 27001 and FIPS 140-2 to create an integrated management system.
Lessons Learned
Air China’s experience highlights the importance of simplicity in achieving PCI compliance. The airline segmented its network and focused on the core payment platform first, before extending compliance to other systems.
- Effective communication and coordination between internal departments are crucial for a successful implementation.
- Assigning a project manager who understands the standard and can drive implementation forward is essential.
Best Practices
Atsec China recommends that organizations use PCI standards as a baseline for data protection, combining them with national or local standards and regulations. This approach can help establish an integrated management system that meets multiple requirements.
- Use a risk-based approach to security technology implementation and management.
- Emphasize the importance of harmonization with national and global standards.
Conclusion
NIST and CSEC’s validation of cryptographic modules under the FIPS 140-2 standard demonstrates their commitment to ensuring the reliability of these modules. Atsec China’s accreditations from CNAS and CMA further underscore its ability to perform testing and produce reliable data.
Air China’s PCI compliance journey serves as a valuable lesson for organizations seeking to achieve similar standards, emphasizing the importance of simplicity, effective communication, and integrated management systems.