This publication has dealt extensively with the issue of DCI compliance and the issues imposed by changes in the NIST FIPS 140 security requirements. While NIST updated most of the FIPS 140-2 Annex documents in November, it didn’t provide further guidance on the transition to stricter rules for dual-use of security keys. Details of NIST-imposed changes aside, perhaps the most significant decision made this year is that by DCI in its dual decision to continue its inclusion of FIPS 140 certification as a requirement of DCI compliance, in addition to its intent to make it SMPTE’s responsibility to respond to specification changes required of NIST. This doesn’t completely absolve DCI of documentation responsibility, as it must still maintain its Compliance Test Plan (CTP).
In an effort to ease the impact of NIST-imposed changes on manufacturers, DCI issued a policy of non-obsolescence of DCI compliance status. Once DCI compliance is achieved for a particular design, it will be forever compliant, with the test results closed to the public. NIST, however, has a more specific policy towards FIPS 140 certification. FIPS 140 certification states which version and level of the FIPS 140 specification the product was tested to, and which compliant algorithms are supported by the product. This information is public, and could result in the future examination of these details in determining the suitability of a product.
While there is reasonable concern that NIST-imposed changes will require a stream of upgrades to support them, it is more likely that the sharpest pain will be felt elsewhere. Once a media block passes DCI compliance, the manufacturer has no incentive to replace the product, as the cost to undergo a new FIPS certification process and DCI compliance process is substantial, well over $1M. The disincentive to change the product will only be further entrenched if NIST should change its spec along the way. Manufacturers are more likely to produce their media blocks until the parts are no longer available.
There are pros and cons to the moratorium on development. The data rate of the media block decoder, for example, will remain limited by the current DCI specification. The functionality of the media block, which is within the FIPS security boundary, will not be able to change without inviting a new FIPS certification process. These limitations, in turn, will make it impractical to introduce new features such as 4K 3-D, or support more than 16 audio channels.
While cinema owners are understandably concerned that digital cinema technology will change rapidly and force their hand to buy new equipment prematurely, DCI’s decision to stick with NIST is more likely to encourage mediocrity in digital cinema hardware. Having experienced their share of innovation, cinema owners will likely receive this as welcome news.
NIST-induced pain, however, will exist, and will most likely be felt by studios and fulfillment operations. Once a NIST-specified change occurs that requires dual-inventory of content and/or keys, any number of outcomes are possible. One such outcome is that studios will simply follow the DCI rules and suffer dual inventory. Another outcome is that the requirement for NIST compliance will be suspended for some number of years to better manage the transition. Doing so, however, raises many questions, including how new products are to be approved during such a transition time without putting at risk the DCI compliance process itself. The worst and most unlikely scenario is that the studio willingness to work together will collapse, and DCI will lose its grip on the industry.
The consideration that no studio wishes to contemplate is that NIST-imposed changes could cause problems of such magnitude that there will arise the need to enforce a transition to new equipment. This, of course, will not be possible without subsidizing the replacement cost. No doubt most studio execs currently engaged with DCI hope to be retired before such headaches come to pass.
