Corsec is often asked when the next version of the Federal Information Processing Standard (FIPS 140-3), is expected to be released. It is an important question as product vendors are trying to adapt their certification strategies; …
Implementing a FIPS 140-2 validation into your product is a great way to strengthen your solution, enhance your brand, and secure your bottom line. When pursuing FIPS, you will be faced with difficult and often confusing …
The deadline is approaching for vendors that were moved to the Historical List because of their RNG use. July 1 is the last day that a lab can submit a no-cost 3Sub to move a module …
Corsec would like to congratulate our partner, Ixia, which provides testing, visibility, and security solutions to strengthen applications across physical and virtual networks; on being listed on the “In Process” list for two of their FIPS 140-2 validations. Ixia’s products, the VisionONE …
NIST has released draft Special Publication (SP) 800-184, titled “Guide for Cybersecurity Event Recovery” – This draft is open to public comment until July, 11th, 2016 “The purpose of this document is to support federal agencies …
CMVP has new guidelines which went live last month via the release of Implementation Guidance (G.16). This update will affect product vendors that have not taken proper precautions with project management related to their FIPS 140-2 validations. During …
CMVP; the governing body that oversees U.S. FIPS 140-2 validations, has made drastic changes over the past year to policy governing product certification longevity. This week they went one step further and have now updated …
Over the past two months Corsec has traveled from Seoul, Korea to Ontario, Canada in order to attend security certification events such as the Common Criteria Users Forum (CCUF), and the International Cryptographic Module Conference (ICMC). The discussions …
As previously posted, next week in Ottawa, Ontario, Canada, hundreds of global leaders in the commercial encryption community will gather at the fourth annual International Cryptographic Module Conference (ICMC). Corsec’s President John Morris will be joining …
Corsec would like to thank and congratulate our partner Vocera Communications on completing the Federal Information Processing Standard for their Vocera Cryptographic Module v3.0 (#0894). This module has now completed and finalized all the necessary requirements for …
Corsec would like to thank and congratulate our partner Sonus Networks Inc., on completing the FIPS 140-2 validation process for the Session Border Controller (SBC) 5110/5210. After a year of hard work, the Sonus SBC 5110/5210 …
Corsec would like to congratulate our partner HPE, on successfully completing yet another security certification for the HP BladeSystem, this time on the Onboard Administrator Firmware version 4.40. This is the third certification in recent months …
Corsec would like to congratulate our partner, HP Enterprise on successfully completing the FIPS 140-2 validation process for the HPE BladeSystem c7000 and c3000 Enclosure with OA v4.40 and iLO 4 v2.11. These certifications underscore HPE’s commitment to providing …
Corsec would like to thank and congratulate our partner Sonus Networks Inc., on completing the FIPS 140-2 validation process for the Session Border Controller (SBC) 7000. After a year of hard work, the Sonus SBC 7000’s achieved …
Corsec would like to thank and congratulate our partner, EMC, on completing yet another security certification. EMC has finished the Federal Information Processing Standard 140-2 (FIPS 140-2) validation of their product, the VNX 6Gb/s SAS …
In addition to the new vulnerabilities identified in January of this year, OpenSSL has once again had to release a slew of patches to correct problematic areas, which could ultimately affect your FIPS validation, Common Criteria …
Last month NIST released a draft publication on sources of Entropy and randomness in protecting sensitive data. The draft “Special Publication 800-90B, Recommendation for the Entropy Sources Used for Random Bit Generation”, is intended to help product vendors …
As previously mentioned, CMVP announced that all FIPS 140-2 validations that use Random Number Generators (RNG), as well as certifications that use both the NIST 800-90A DRBG and RNG will be required to re-validate, otherwise, they will …
Corsec brings highlights from recent events – offering insight into the future of Cryptographic Validations, Lab Reviews, and a potential new Inter-Agency Agreement. Cryptographic Validations, Quo Vadis? and apropos of FIPS 140-2 Cryptographic validations currently do …
Product vendors often rely on OpenSSL to meet FIPS requirements. With the new CMVP requirements and regulations, vendors using certain versions of the OpenSSL cryptographic library to meet FIPS 140-2 requirements are in jeopardy of being out of …