Corsec - FIPS 140-2

Ixia Products Reach “In Process” for FIPS 140-2

Corsec would like to congratulate our partner, Ixia, which provides testing, visibility, and security solutions to strengthen applications across physical and virtual networks; on being listed on the “In Process” list for two of their FIPS 140-2 validations. Ixia’s products, the VisionONE and Net ToolOptimizer (NTO) 7303 have reached the Implementation Under Test (IUT) phase of their validation and …

Read moreIxia Products Reach “In Process” for FIPS 140-2

Cybersecurity Acquisition Vehicle Coming

The General Services Administration (GSA) has announced their intentions to add another SIN to the GSA Schedule 70 – “Highly Adaptive Cybersecurity Services (HACS)”. The new SIN will be broken down into three categories for security services — proactive, reactive, and remediation. “We’re not putting together a vehicle for GSA. We’re putting it together …

Read moreCybersecurity Acquisition Vehicle Coming

DHS funds Cyber Defense

The Department of Homeland Security (DHS) has approved $1.8 billion in funding to prevent cybersecurity attacks and protect critical infrastructure. The House Appropriations Subcommittee approved the bill last week in order to support the National Protection and Programs Directorate (NPPD), the agency within DHS responsible for cybersecurity. “Hacking and cyberattacks have already …

Read moreDHS funds Cyber Defense


Updates to Canadian Common Criteria Certifications

The Communications Security Establishment (CSE), the governing body of Common Criteria in Canada, has officially stated they will only accept Protection Profile (PP) based evaluations starting in September of 2017. Furthermore, they have stated that they will only be accepting evaluations against CSE-approved PPs; a full list of which can be …

Read moreUpdates to Canadian Common Criteria Certifications


Event Recovery and PIV Updates from NIST

NIST has released draft Special Publication (SP) 800-184, titled “Guide for Cybersecurity Event Recovery” – This draft is open to public comment until July, 11th, 2016 “The purpose of this document is to support federal agencies in a technology-neutral way in improving their cyber event recovery plans, processes, and procedures. This …

Read moreEvent Recovery and PIV Updates from NIST


Poor Project Management Could Derail Your Certification Efforts

CMVP has new guidelines which went live last month via the release of Implementation Guidance (G.16). This update will affect product vendors that have not taken proper precautions with project management related to their FIPS 140-2 validations. During validation, an accredited Lab can submit a request form (called an IUTA) for a product to …

Read morePoor Project Management Could Derail Your Certification Efforts