There are some interesting sessions on security certifications and assurance at this year’s RSA Conference. First, there is a tutorial on Monday titled Implementation and Selection of FIPS 140-2 Modules: … and Benefits gained! This talk is at 9am on Monday the 13th and is led by Allen Roginsky, Jean Campbell, and Randy Easter.

Steve Lipner from Microsoft is on a panel on the 14th to talk about Government Information Security and the Need for Software Assurance … this should be quite interesting.

The 16th has some interesting sessions, including “Security vs. C&A” Celebrity Death Match 2006 and Federal Information Processing Standard 140-3 - A Standard for the Future … unfortunately both of these talks are at the same time! Two other potentially interesting talks are Managing Business Risk via Information Classification and How I Learned to Stop Worrying and Love ISO17799.

Also consider these talks on Friday: A Primer to Global Compliance Landscape should provide a nice introduction to non-government compliance regulations. Information Access Implementation Strategies for FIPS 201 looks like an interesting talk.

We have been asked about IPv6 transition/implementation (especially in the US Federal government). Friday’s Federal Agency IPv6 Transition Challenges and Potential Solutions talk should hopefully provide a nice overview of the issues.