ICMC : Win!, Win!, Win!

atsec information security

·

Written by Fiona Stewart for the Cryptographic Module User Forum (CMUF member login required)
To become a CMUF member, sign up for free here.

The first ICMC website from 2013.

atsec proudly pioneered a community and founded the ICMC

This year I was happy to be able to return to the ICMC. It allowed me to remember when I was proudly working for atsec several years ago. Founded in 2000 in Munich, Germany, atsec established operations in Austin, TX in 2003. The company is fiercely independent, and its principles closely matched my own. I joined atsec in the summer of 2004, reporting directly to the atsec founding CEO, Sal La Pietra.

The challenge of establishing an accredited FIPS laboratory is still vivid in my memory. It wasn’t only about technical expertise in security, cryptography, and standards—it was about creating a management system that met international expectations and turning a niche accredited-lab into a thriving business. In 2005, atsec received accreditations for both Common Criteria evaluation under the NIAP scheme and FIPS 140-2 testing and validation under the NIST Cryptographic Module Validation Program (CMVP).

At that time, the FIPS 140-2 discussions happened within a small, exclusive circle centered on NIST. There was a clear need for a broader platform where vendors, federal agencies, academics, and other professionals could share information. Recognizing the limitations of the existing NIST workshops, atsec spearheaded the creation of the International Cryptographic Module Conference (ICMC). Efforts started in 2012 and by 2013 we were ready for launch. Despite limited budgets, atsec financed everything from acquiring domain names to designing the conference logo and program.

The chosen venue for the first ICMC in 2013 was a stone’s throw from NIST in Gaithersburg – The Holiday Inn. Despite its basic amenities, it provided all we needed for the inaugural ICMC. With persistence and community spirit, registration grew from only a few commitments to 163 participants from many nations—a true testament to atsec’s vision.

A participant summed it up with a simple “Win! Win! Win!” and the mandate was clear: the ICMC must continue, accompanied by the formation of a “user group” for ongoing collaboration.

Maintaining Vision

After the inaugural event, atsec’s continued commitment to community building led to the establishment of the Cryptographic Module User Forum (CMUF) and a sustained push to involve all stakeholders.

The CMUF is a loosely organized group, with no legal entity. An extremely focused “social network”. For the basic tools of collaboration we rely on “free” tools, and a few small donations from companies willing to informally support the group, but most of all it relies on the members’ contributions.

The CMUF provides an opportunity for the community to work together on common challenges from engaging with evolving ISO standards (and the related FIPS) to contributing insights into international cryptographic policies.

After the second ICMC in 2014, atsec sought to assure that the ICMC remained a CMUF-focused event where sharing technology with our community was to remain the priority. atsec created an arrangement where the ICMC could remain a community-driven event. It did so by providing seed money and creating contractual provisions designed to keep these priorities in place. At the conclusion of each year’s event a determination is made about whether to continue the ICMC event format and administration. This is based on whether the event continues to align with the spirit of its creation in 2013. This assures that the community is directly served.

The first ICMC in 2013 laid the groundwork for a cooperative spirit that endures today. It demonstrated that when a community comes together the results can be extraordinary.

I had the privilege of contributing to atsec’s inspiring journey firsthand. My narrative goes beyond simple technical milestones; it reflects the community spirit and collaborative innovation that atsec and others fostered. I observed how atsec challenged the status quo in the cryptographic testing arena and pushed for a more inclusive platform with the concept of the CMUF and ICMC emerging as a necessary evolution from the one-sided NIST workshops to an international forum that engaged not only labs, but everyone involved in commercial cryptography.

atsec chose an independent conference organizer for ICMC, one who does not have a vested interest in the technical topics, and despite our creed of no-allegiance to governments, commercial developers, the business of certification etc., atsec recognized the need for this conference to be financially self-sustaining. The emphasis has always been on the quality of the conference, facilitating collaboration over commercial gain, and ensuring that all voices are heard while keeping the focus on advancing cryptographic practices globally.

CNXTD Inc. was brought on board by atsec. The role was to handle event logistics, arranging the hotel, coordinating the venue, and managing the practical details that ensured the conference could go ahead. While CNXTD’s contributions are vital in supporting the event, the focus must remain on the vision for the community and the collective effort that made the ICMC a success.

With this insight, I invite the whole community to review where we are today, the community has changed a lot over the last decade with consolidation and expansion and the evolution of the standards as international standards. Are the CMUF mission and principles still meeting the needs of today’s community ? Are we still happy with the CMUF Steering Committee principles? If not, how should they be changed? With that we, through the CMUF, can properly direct the direction of future ICMC conferences.

atsec would like to see the 15th Anniversary of the ICMC held in Austin, Texas. It would be a great central location for all and would provide an opportunity to emphasise that the community has grown to include interests beyond the CMVP.

For further details, please refer to

An arrow divider