FIPS 140, CSfC, Common Criteria, UC APL

Is There Value in Maintaining Your Security Validation?

Once you have spent the time and money to pursue a security validation, you’re all done, right? Well, not exactly. However, the good news is that it isn’t hard or expensive to maintain your validation.

For most security validations, the validation applies to a specific version of hardware and software. At the beginning of your evaluation you must choose which versions of your product you are taking through the validation process. 

Read moreIs There Value in Maintaining Your Security Validation?

FIPS 140, CSfC, Common Criteria, UC APL

Selecting a Certification Consulting Company: Why the Right Choice Matters

Your customers are asking for your product to go through a security validation. You have begun evaluating your options, have started to develop a strategy, and have decided that this is not a task you can handle on your own. Your first step will be to talk to an expert consultant.

But how do you choose one? 

Read moreSelecting a Certification Consulting Company: Why the Right Choice Matters

FIPS 140-2, FIPS 140-2 validation, FIPS Validation, FIPS 140-2 process, FIPS Inside, FIPS Compliant

What You Need to Know about FIPS 140-2, OpenSSL, and the new IG Requirement

You may have heard about the new interpretation of the mandatory requirement in Section 9.5 of the Implementation Guidance (IG) document, a key component of FIPS 140-2 documentation issued by the Cryptographic Module Validation Program (CMVP). This interpretation is causing conflicts with the architecture of the OpenSSL validations and how OpenSSL’s validation applies to customers using their software.

Read moreWhat You Need to Know about FIPS 140-2, OpenSSL, and the new IG Requirement