Table of Contents
Table of Contents

Security and Integrity Firm’s Certification for Government IT Security Product Recognized at the Highest Achievable Level

Merrillville, IN (July 13, 2010) Cimcor, a Merrillville, IN-based leader in the development of innovative security and integrity software solutions for corporate, government, and military initiatives, today announced that its Cimcor Cryptographic Module has earned the highest possible validation for a software product from the U.S. Government’s National Institute of Standards and Technology (NIST) by obtaining a Federal Information Processing Standard (FIPS) 140-2 Level 2 certification.

"This FIPS 140-2 Level 2 certification, which is the highest possible for a software-only product, underscores Cimcor's commitment to providing world-class security tools for as many platforms as possible", said Robert E. Johnson, III, co-founder, President/CEO, Cimcor, Inc.  "Achieving this type of certification illustrates our dedication to provide both military and civilian government agencies with the validated methods of protection that they require for their highly sensitive and valuable data."

The FIPS 140 Publication Series coordinates the requirements and standards for cryptography modules for hardware and software workings.  FIPS 140 defines four levels of security, Levels 1-4.  Levels 1 and 2 are applicable to software product. Software validated at FIPS 140-2 Level 2 requires testing on a Common Criteria evaluated operating environment with authentication and auditing mechanisms.

In order to support heterogeneous environments found in federal agencies, Cimcor’s Cryptographic Module is one of the few that is certified across multiple platforms including, Windows, Linux, Mac, Solaris, and HPUX. Cimcor’s flagship product CimTrak incorporates the module for its own cryptographic operations, but it is also available for licensing to government contractors, solution providers, and software manufacturers that sell to the federal government. The licensing option allows other solutions to focus on their core functionality and simply integrate the Cimcor module for cryptographic requirements. It eliminates the need to devote time and resources to the development of their own module, not to mention the arduous and lengthy validation process.

FIPS are publicly announced standards developed by the U.S. Federal government for use by all non-military government agencies and by government contractors. Cryptographic modules are subjected to rigorous testing by independent, accredited test facilities in order to achieve validation.

“Cimcor selected InfoGard Laboratories to perform rigorous FIPS 140-2 testing of the Cimcor Cryptographic Module,” said Mark Minnoch, FIPS Program Manager for InfoGard Laboratories.  “Cimcor achieved FIPS Certificates at two different Security Levels for multiple operational environments to satisfy customer demand.  The Cimcor team successfully passed all of the testing required to receive FIPS 140-2 Security Level 1 and Security Level 2 certificates for its software cryptographic module. Cimcor’s architecture will allow it to easily maintain its FIPS Certificates through the product lifecycles; this approach will be greatly appreciated by Cimcor’s customers.”

Information security officials have a mandate to maintain greater control over data and information systems.  U.S. law states that all U.S. government purchasing agents must purchase IT-related products validated for FIPS 140-2. FIPS 140-2 is also required by national agencies in Canadian and is recognized in Europe and Australia.


Founded in 1997 and headquartered in Merrillville, IN, Cimcor is an industry leader in developing innovative security and integrity software solutions. The firm has continued to be on the front lines of corporate, government, and military initiatives to protect the nation’s computer networks from unauthorized access. Cimcor’s innovative flagship software product, CimTrak helps organizations to monitor, protect and “self-heal” computer servers and network devices in real-time, including who is making changes, what is being changed, when change is occurring, and how the change was made. These capabilities give their leaders and managers peace of mind and assurance that their IT assets are always in a known and verified state. Visit to learn more about Cimcor and CimTrak.


InfoGard is the premier, independent, accredited IT security laboratory in the United States. InfoGard provides accredited IT security assurance services and focuses solely on product and system evaluations and validations.  Visit

Post by Cimcor
July 13, 2010


About Cimcor

Cimcor’s File Integrity Monitoring solution, CimTrak, helps enterprise IT and security teams secure critical assets and simplify compliance. Easily identify, prohibit, and remediate unknown or unauthorized changes in real-time

Our Top Cybersecurity & Compliance Tools

AI-Powered Compliance Automation Icon
AI-Powered Compliance Automation

Make audit prep hands-off, guaranteed to keep you

Fortify Cybersecurity Posture Icon
Fortify Cybersecurity Posture

Say goodbye to 97% of security alerts, block unauthorized changes across your IT stack.