News Archives - Corsec Security, Inc.®

Fed Roundup: May 2026

Jake Nelson — Tue, 02 Jun 2026 18:22:08 +0000

DISA News

Announcements:

Launched new Acquisition Decisions LinkedIn newsletter
Strong push on skills-based hiring for cyber roles
Moving beyond resumes to validated technical assessments
Accelerated hiring tied to live events (e.g., TechNet Cyber)
Heavy promotion of TechNet Cyber 2026
Ongoing emphasis on strengthening industry partnerships through increased transparency and accessibility for vendors via new comms channels
A shift towards modernizing industry engagement, hiring of cyber talent, and communication of opportunities

Security Technical Implementation Guide Updates:

None

Updates & Announcements:

“Nine Candidates Advance to the Third Round of the Additional Digital Signatures for the PQC Standardization Process”

Special Publications, Interagency Reports, & Cybersecurity White Papers:

Updates & Announcements:

NIAP CCEVS Policy #29: Addendum for Certificate Length Updates

Protection Profile Announcements:

Published – Virtualization Version 2.0

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

The post Fed Roundup: May 2026 appeared first on Corsec Security, Inc.®.

Fed Roundup: April 2026

Jake Nelson — Wed, 06 May 2026 14:26:04 +0000

DISA News

Announcements:

DISA is advancing cybersecurity and operational resilience by modernizing command-and-control infrastructure, adopting zero trust principles, and strengthening the Defense Department’s digital operations capabilities.

Security Technical Implementation Guide Updates:

Apache Server 2.4 Unix STIG
Apache Server 2.4 Windows STIG
Apache Tomcat Application Server 9 STIG
Application Security and Development STIG
Application Server SRG
IBM WebSphere Liberty Server STIG
JBoss Enterprise Application Platform 6.3 STIG
Kubernetes STIG
Kubernetes STIG SCAP Benchmark
Layer 2 Switch SRG
Microsoft .NET Framework 4.0 STIG
Microsoft IIS 10.0 STIG
Microsoft Office 365 ProPlus STIG
Microsoft SQL Server 2016 STIG
Microsoft Windows 10 STIG
Microsoft Windows 11 STIG
Microsoft Windows Server 2019 STIG
Microsoft Windows Server 2022 STIG
Microsoft Windows Server DNS STIG
Motorola Solutions Android 13 STIG
Mozilla Firefox STIG
Mozilla Firefox SCAP Benchmarks (Linux & Windows variants)
Tanium 7.x STIG
Tanium 7.x TanOS STIG
Trend Micro TippingPoint STIG
Group Policy Objects (GPOs)
Microsoft Intune Policy
Microsoft Entra ID STIG
Oracle Linux 9 STIG

Updates & Announcements:

None

Special Publications, Interagency Reports, & Cybersecurity White Papers:

Updates & Announcements:

NIAP Policy #5 Frequently Asked Questions and CAVP Mapping Document Updated

Protection Profile Announcements:

Published – PP for General Purpose Computing Platform (GPCP) Version 2.0
Published – PP-Module for Software Defined Networking – Controller Version 1.0
Published – PP-Module for Media Access Control Security Version 2.0
Published – cPP-Module for Stateful Traffic Filter Firewalls, Version 2.0

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

The post Fed Roundup: April 2026 appeared first on Corsec Security, Inc.®.

Fed Roundup: March 2026

Jake Nelson — Wed, 01 Apr 2026 13:36:43 +0000

DISA News

Announcements:

None

Security Technical Implementation Guide Updates:

STIG Viewer 3.7.0 Release Notes
Apple visionOS 26 STIG
HPE Alletra Storage ArcusOS STIG
Soaring Software Solutions TCMax 9.x STIG – Ver 1, Rel 1
Red Hat Enterprise Linux 10 STIG – Ver 1, Rel 1
Adobe Acrobat Professional DC Continuous Track STIG Benchmark – Ver 2, Rel 1

Updates & Announcements:

None

Special Publications, Interagency Reports, & Cybersecurity White Papers:

Updates & Announcements:

NIAP 2025 End of Year Report

Protection Profile Announcements:

NIAP Endorses CPP_DSC_V2.1
NIAP Endorses CPP_FDE_AA_v3.0
NIAP Endorses CPP_HCD_v1.1
NIAP Endorses CPP_FDE_EE_v3.0
PP-Module for Voice/Video over IP Version 2.0 Published
PP-Module for Enterprise Session Controller Version 2.0 Published
PP-Module for Session Boarder Controllers Version 2.0 Published
PP-Module for Intrusion Prevention System (IPS) Version 2.0 Published
PP-Module for Authentication Servers Version 2.0 Published

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

The post Fed Roundup: March 2026 appeared first on Corsec Security, Inc.®.

Corsec to Attend the 7th International Conference on the EU Cybersecurity and Resilience Acts

Jake Nelson — Tue, 10 Mar 2026 15:03:32 +0000

As the European Union continues to reshape its cybersecurity regulatory landscape, product vendors face a growing need for clarity, alignment, and practical guidance. Corsec is pleased to announce our attendance at the 7th International Conference on the EU Cyber Security and Resilience Acts, taking place March 24–26 in Brussels.

This year’s conference comes at a critical moment, as implementation of the Cyber Resilience Act (CRA) accelerates and the EU Common Criteria Scheme (EUCC) continues to evolve. Corsec will be on site to engage with regulators, certification bodies, industry peers, and product manufacturers to deepen our understanding—and to help translate regulatory intent into actionable security and compliance strategies.

Representing Corsec in Brussels

Corsec will be represented by Dayanandini Pathmanathan, Corsec’s Senior Program Manager for Common Criteria. With more than seven years of experience guiding Common Criteria certifications—and hands‑on involvement in FIPS 140 certification efforts—Dayanandini brings deep expertise at the intersection of product security engineering, certification schemes, and regulatory compliance. She holds a degree in Electrical Engineering and works closely with vendors navigating complex, multi‑jurisdictional requirements.

Why This Conference Matters to Product Vendors

The EU Cybersecurity Act Conference is not just about policy—it is about operational reality. For manufacturers selling into the European market, the CRA introduces new expectations around secure‑by‑design development, vulnerability handling, post‑market responsibilities, and supply‑chain accountability. At the same time, EUCC is redefining how Common Criteria evaluations are performed and recognized across Europe.

Corsec’s focus at the conference is to:

Gain deeper insight into how CRA requirements are being interpreted and operationalized
Understand how EUCC and CRA conformity assessments intersect
Collaborate with stakeholders to identify practical, scalable approaches for vendors of complex products
Bring clarity back to customers navigating overlapping standards, schemes, and enforcement timelines

Key Tracks & Sessions Corsec Will Be Following

Throughout the conference, Corsec will be actively engaging across several tracks that are particularly relevant to manufacturers:

The EU Cybersecurity Agenda 2025–2029: What It Means for Industry
This track provides a strategic view of the Commission’s priorities for the next legislative cycle, including CRA implementation, NIS 2 enforcement, and the future direction of certification schemes. For vendors, these discussions shape long‑term product and compliance planning.
From Regulation to Reality: How the EC Is Supporting CRA Implementation Across Europe
Sessions focused on how the European Commission is supporting harmonized CRA adoption offer insight into what “compliance” will look like in practice—and where flexibility or risk remains for manufacturers preparing today.
Certification in Practice: From EUCC to CRA Conformity
These discussions explore how EUCC, EUCS, and other schemes relate to CRA obligations. Understanding this mapping is essential for vendors deciding where certification adds value versus where it introduces unnecessary cost or duplication.
Designing for Lifecycle Security and Post‑Market Responsibility
CRA Articles addressing vulnerability reporting, patch delivery, and supply‑chain assurance are a major shift for many organizations. This track highlights what continuous compliance means beyond initial market entry.
Panel Discussion: AI Act Cybersecurity—Real-World Risks, Requirements, and What Comes Next
“The EU’s AI Act introduces sweeping new cybersecurity expectations—along with plenty of uncertainty. In this panel discussion, experts will break down how the rules reshape AI deployment, what “compliance” actually requires in practice, and where the biggest technical and organizational challenges lie. Panelists will provide a clear view of the security measures regulators expect, how to implement them without blowing up existing workflows, and what these obligations mean for your company’s risk landscape.”
The Cost of Compliance: New Realities for Testing, Assessment, and Post-Market Obligations
As assessment, testing, and post‑market obligations expand, vendors must budget realistically for long‑term compliance. This track addresses the emerging cost structures and tradeoffs organizations will face.
What Market Surveillance Authorities Expect from Manufacturers under the CRA
“What manufacturers need to provide under the CRA, information and supporting evidence to enable verification of compliance and assurance of requirements.”
Too Much Already, Supply Chain Security? A Sensible Approach to Rating True Potential Vulnerabilities Is Needed
“Threat modeling and product-context analysis to cut through the ~140 daily EUVD CVE filings and distinguish real, exploitable vulnerabilities from inflated worst-case assessments.”
Vulnerability Management in Consumer IoT: Why No IoT Manufacturer Is Ready for CRA Vulnerability Management (And How to Fix It)
With increasing scrutiny from Market Surveillance Authorities, manufacturers must be prepared to demonstrate not only secure design, but effective vulnerability monitoring, reporting, and remediation over time.
Panel Discussion: Navigating Fragmented Global Cyber Regulations
With overlapping global frameworks—from CRA and EUCC to international standards—this panel addresses whether meaningful harmonization is achievable and what manufacturers can do in the meantime.

Corsec’s Approach: Learn, Collaborate, Guide

Corsec’s participation reflects our commitment to learning directly from regulators and peers, collaborating across the ecosystem, and using those insights to guide product vendors with clear, experience‑based recommendations. Our goal is not just compliance—but helping vendors build security programs that are defensible, sustainable, and aligned with real regulatory expectations.

Looking Ahead

This conference is an important step in an ongoing conversation. Following the event, Corsec will share insights and observations on what manufacturers should be paying attention to as CRA enforcement approaches and EUCC continues to mature.

If you are preparing for CRA, evaluating EUCC certification paths, or reassessing your vulnerability management and post‑market strategies, we encourage you to connect with Corsec to discuss how these developments may impact your products and roadmap.

Stay tuned for post‑conference insights from Brussels.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

The post Corsec to Attend the 7th International Conference on the EU Cybersecurity and Resilience Acts appeared first on Corsec Security, Inc.®.

Fed Roundup: February 2026

Jake Nelson — Tue, 03 Mar 2026 19:45:37 +0000

DISA News

Announcements:

Security Technical Implementation Guide Updates:

Adobe Acrobat Professional DC Continuous Track Draft STIG Benchmark – Ver 1, Rel 0.1
Adobe Acrobat Professional DC Continuous Track Draft STIG Benchmark Comment Matrix
Oracle Linux 9 STIG for Ansible – Ver 1, Rel 4
Oracle Linux 9 STIG for Chef – Ver 1, Rel 4
Nutanix Acropolis STIG
MongoDB Enterprise Advanced 8.x STIG – Ver 1, Rel 1
Microsoft Windows Server 2025 STIG – Ver 1, Rel 1
Zebra Android 14 STIG

NIST News

Updates & Announcements:

None

Special Publications, Interagency Reports, & Cybersecurity White Papers:

- IPD SP 1800-39: Data Classification Practices

NIAP News

Updates & Announcements:

None

Protection Profile Announcements:

PP-Module for LiFi Access System Version 1.0

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

The post Fed Roundup: February 2026 appeared first on Corsec Security, Inc.®.

Fed Roundup: January 2026

Jake Nelson — Tue, 03 Feb 2026 16:50:20 +0000

DISA News

Announcements:

DISA launches new cloud management platform

Security Technical Implementation Guide Updates:

Symantec Edge SWG STIG
Adobe ColdFusion STIG – Ver 1, Rel 1
F5 NGINX STIG – Ver 1, Rel 1
Canonical Ubuntu 22.04 LTS STIG SCAP Benchmark – Ver 2, Rel 5
Canonical Ubuntu 24.04 LTS STIG SCAP Benchmark – Ver 1, Rel 3
Oracle Linux 9 STIG SCAP Benchmark – Ver 1, Rel 2
Oracle Linux 8 STIG SCAP Benchmark – Ver 2, Rel 7
Oracle Linux 8 STIG for Ansible – Ver 2, Rel 7
Tri-Lab Operating System Stack (TOSS) 4 STIG SCAP Benchmark – Ver 2, Rel 5
Tri-Lab Operating System Stack (TOSS) 4 STIG – Ver 2, Rel 4
SUSE Linux Enterprise Server 15 STIG SCAP Benchmark – Ver 2, Rel 7
SUSE Linux Enterprise Server 15 STIG – Ver 2, Rel 6
SUSE Linux Enterprise Server 15 for Ansible – Ver 2, Rel 6
SUSE Linux Enterprise Server 12 STIG – Ver 3, Rel 4
SUSE Linux Enterprise Micro 5 STIG – Ver 1, Rel 3
Solaris 11 x86 STIG Benchmark – Ver 3, Rel 4
Solaris 11 x86 STIG – Ver 3, Rel 4
Solaris 11 SPARC STIG Benchmark – Ver 3, Rel 4
Solaris 11 SPARC STIG – Ver 3, Rel 4
Red Hat Enterprise Linux 9 STIG SCAP Benchmark – Ver 2, Rel 7
Red Hat Enterprise Linux 8 STIG SCAP Benchmark – Ver 2, Rel 6
Red Hat OpenShift Container Platform 4.x STIG – Ver 2, Rel 5
Red Hat Enterprise Linux 9 STIG for Chef – Ver 2, Rel 7
Red Hat Enterprise Linux 9 STIG for Ansible- Ver 2, Rel 7
Red Hat Enterprise Linux 8 STIG for Ansible – Ver 2, Rel 6
Mozilla Firefox for Windows STIG SCAP Benchmark – Ver 6, Rel 7
Mozilla Firefox for Linux STIG SCAP Benchmark – Ver 6, Rel 6
Microsoft Windows Server 2022 STIG SCAP Benchmark – Ver 2, Rel 7
Microsoft Windows Server 2019 STIG SCAP Benchmark – Ver 3, Rel 7
Microsoft Office 365 ProPlus STIG SCAP Benchmark – Ver 3, Rel 7
Microsoft Edge STIG Benchmark – Ver 2, Rel 4
Microsoft Defender Antivirus STIG SCAP Benchmark – Ver 2, Rel 7
Microsoft SQL Server 2022 STIG
Microsoft SQL Server 2016 STIG
Microsoft Internet Explorer 11 STIG – Ver 2, Rel 6
Microsoft IIS 10.0 STIG
Microsoft Edge STIG – Ver 2, Rel 4
Microsoft Defender Antivirus STIG – Ver 2, Rel 7
Kubernetes STIG SCAP Benchmark – Ver 2, Rel 4
Kubernetes STIG – Ver 2, Rel 5
Canonical Ubuntu 24.04 LTS STIG for Ansible – Ver 1, Rel 4
Canonical Ubuntu 24.04 LTS STIG for Chef – Ver 1, Rel 4
Apple iOS/iPadOS 26 STIG – Ver 1, Rel 2
Amazon Linux 2023 STIG – Ver 1, Rel 2
Axonius Federal Systems Ax-OS STIG – Ver 1, Rel 2
Cisco ACI STIG
Microsoft Defender for Endpoint STIG, Ver 1, Rel 2
Xylok Security Suite 20.x STIG – Ver 1, Rel 2
Juniper EX Series Switches STIG
IBM z/OS STIG
IBM WebSphere Liberty Server STIG – Ver 2, Rel 3
Fortinet FortiGate Firewall STIG
Dragos Platform 2.x STIG – Ver 1, Rel 5
Cloud Linux AlmaLinux OS 9 STIG – Ver 1, Rel 5
Cisco NX OS Switch STIG
Cisco ISE STIG
Cisco IOS XR Router STIG
Cisco IOS XE Switch STIG
Cisco IOS XE Router STIG
Cisco IOS Switch STIG
Cisco IOS Router STIG
Cisco ASA STIG
Canonical Ubuntu 24.04 LTS STIG – Ver 1, Rel 4
Canonical Ubuntu 22.04 LTS STIG for Chef – Ver 2, Rel 7
Canonical Ubuntu 22.04 LTS STIG for Ansible – Ver 2, Rel 7
Canonical Ubuntu 22.04 LTS STIG – Ver 2, Rel 7
Apple macOS 15 (Sequoia) STIG – Ver 1, Rel 6
Active Directory Domain STIG – Ver 3, Rel 6
Red Hat Enterprise Linux 9 STIG – Ver 2, Rel 7
Red Hat Enterprise Linux 8 STIG – Ver 2, Rel 6
Red Hat Ansible Automation Controller STIG
Rancher Government Solutions RKE2 STIG – Ver 2, Rel 5
Rancher Government Solutions Multi-Cluster Manager STIG – Ver 2, Rel 2
Oracle Linux 9 STIG – Ver 1, Rel 4
Oracle Linux 8 STIG – Ver 2, Rel 7
Oracle Database 19c STIG – Ver 1, Rel 4
Okta IDaaS STIG – Ver 1, Rel 2
NetApp ONTAP DSC 9.x STIG – Ver 2, Rel 3
Mozilla Firefox STIG – Ver 6, Rel 7
Microsoft Windows Server 2022 STIG – Ver 2, Rel 7
Microsoft Windows Server 2019 STIG – Ver 3, Rel 7
Microsoft Windows 11 STIG – Ver 2, Rel 6
Microsoft Windows 11 STIG SCAP Benchmark – Ver 2, Rel 7

NIST News

Updates & Announcements:

None

Special Publications, Interagency Reports, & Cybersecurity White Papers:

NIAP News

Updates & Announcements:

Call for Participants in the Enterprise Management Technical Community
Call for Participants in the Virtualization Technical Community and Kick-off Announcement

Protection Profile Announcements:

PP-Module for Host Agent Version 2.0
PP-Module for Endpoint Detection and Response Version 2.0

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

The post Fed Roundup: January 2026 appeared first on Corsec Security, Inc.®.

Fed Roundup: December 2025

Jake Nelson — Thu, 08 Jan 2026 17:39:09 +0000

DISA News

Announcements:

DISA calls for strengthened partnerships with industry during their Forecast to Industry 2025 event

Security Technical Implementation Guide Updates:

Microsoft Azure SQL Managed Instance STIG – Ver 1, Rel 1
1 All SRG-STIGs Public (U)
Canonical Ubuntu 24.04 LTS STIG SCAP Benchmark – Ver 1, Rel 2
Oracle Linux 8 STIG SCAP Benchmark – Ver 2, Rel 6
Cisco NX OS Switch STIG
Cisco IOS Switch STIG
Canonical Ubuntu 24.04 LTS STIG – Ver 1, Rel 3
Canonical Ubuntu 24.04 LTS STIG for Chef – Ver 1, Rel 3
Riverbed NetIM STIG
Apple vision OS 2
Oracle Linux 9 STIG SCAP Benchmark – Ver 1, Rel 1
Apple iOS/iPadOS 26 STIG – Ver 1, Rel 1
Microsoft Office 365 ProPlus STIG SCAP Benchmark – Ver 3, Rel 6
Microsoft Defender Antivirus STIG SCAP Benchmark – Ver 2, Rel 6
Cisco IOS XE Router RTR STIG SCAP Benchmark – Ver 3, Rel 4
Cisco IOS XE Router NDM STIG SCAP Benchmark – Ver 3, Rel 4
Canonical Ubuntu 24.04 LTS STIG for Ansible – Ver 1, Rel 3
Canonical Ubuntu 22.04 LTS STIG SCAP Benchmark – Ver 2, Rel 4
Apple macOS 26 (Tahoe) STIG – Ver 1, Rel 1

NIST News

Updates & Announcements:

None

Special Publications, Interagency Reports, & Cybersecurity White Papers:

NIAP News

Updates & Announcements:

None

Protection Profile Announcements:

NIAP Endorses CPP ND V4.0

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

The post Fed Roundup: December 2025 appeared first on Corsec Security, Inc.®.

Fed Roundup: November 2025

Jake Nelson — Tue, 02 Dec 2025 16:03:25 +0000

DISA News

Announcements:

DISA is modernizing its Data Centers

Security Technical Implementation Guide Updates:

Anduril NixOS STIG – Ver 1, Rel 2
Application Programming Interface (API) SRG – Ver 1, Rel 1
Application Security and Development STIG – Ver 6, Rel 4
Apple macOS 15 (Sequoia) STIG – Ver 1, Rel 5
Apache Tomcat Application Server 9 STIG – Ver 3, Rel 3
Canonical Ubuntu 22.04 LTS STIG for Chef – Ver 2, Rel 6
Canonical Ubuntu 22.04 LTS STIG for Ansible – Ver 2, Rel 6
Canonical Ubuntu 22.04 LTS STIG – Ver 2, Rel 6
Canonical Ubuntu 24.04 LTS STIG – Ver 1, Rel 3
Cloud Linux AlmaLinux OS 9 STIG – Ver 1, Rel 3
Cisco IOS XR Router STIG
Cisco IOS XE Switch STIG
Cisco IOS XE Router STIG
Cisco IOS Router STIG
Dragos Platform 2.x STIG – Ver 1, Rel 4
Google Android 15 STIG
Google Android 14 STIG
Google Android 14 BYOAD STIG
IBM z/OS STIG
Ivanti Connect Secure STIG
MariaDB Enterprise 10.x STIG – Ver 2, Rel 4
Microsoft Windows Server 2022 STIG – Ver 2, Rel 6
Microsoft Windows Server 2019 STIG – Ver 3, Rel 6
Microsoft Windows 11 STIG – Ver 2, Rel 5
Microsoft Windows 10 STIG – Ver 3, Rel 5
Microsoft SQL Server 2022 STIG
Microsoft Office 365 ProPlus STIG – Ver 3, Rel 4
Microsoft IIS 10.0 STIG
Oracle Linux 9 STIG – Ver 1, Rel 3
Oracle Linux 8 STIG for Ansible – Ver 2, Rel 6
Oracle Linux 8 STIG – Ver 2, Rel 6
Oracle Database 19c STIG – Ver 1, Rel 3
Rancher Government Solutions RKE2 STIG – Ver 2, Rel 4
Red Hat OpenShift Container Platform 4.x STIG – Ver 2, Rel 4
Red Hat Enterprise Linux 9 STIG for Chef – Ver 2, Rel 6
Red Hat Enterprise Linux 9 STIG for Ansible- Ver 2, Rel 6
Red Hat Enterprise Linux 9 STIG – Ver 2, Rel 6
Red Hat Enterprise Linux 8 STIG for Ansible – Ver 2, Rel 5
Red Hat Enterprise Linux 8 STIG – Ver 2, Rel 5
Samsung Android OS 15 with Knox 3.x STIG
Samsung Android OS 14 with Knox 3.x STIG
Samsung Android 15 BYOAD STIG
Samsung Android 14 BYOAD STIG
Traditional Security STIG Checklist – Ver 2, Rel 7
Tri-Lab Operating System Stack (TOSS) 4 STIG – Ver 2, Rel 3

NIST News

Updates & Announcements:

None

Special Publications, Interagency Reports, & Cybersecurity White Papers:

NIAP News

Updates & Announcements:

NIAP Progress Report – Third Quarter 2025

Protection Profile Announcements:

PP-Module for Virtual Private Network Version 3.0

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

The post Fed Roundup: November 2025 appeared first on Corsec Security, Inc.®.

Fed Roundup: August 2025

Jake Nelson — Wed, 03 Sep 2025 18:13:27 +0000

DISA News

Announcements:

Security Technical Implementation Guide Updates:

Apple iOS/iPadOS 18 – Ver 2, Rel 1
Compilation – SRG-STIG Library (U)
Cloud Computing SRG
Microsoft Defender Antivirus STIG – Ver 2, Rel 5

NIST News

Updates & Announcements:

None

Special Publications, Interagency Reports, & Cybersecurity White Papers:

NIAP News

Updates & Announcements:

1st Quarter Progress Report

Protection Profile Announcements:

None

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

The post Fed Roundup: August 2025 appeared first on Corsec Security, Inc.®.

The DoDIN APL Program Is Ending

Jake Nelson — Wed, 06 Aug 2025 14:47:18 +0000

On July 18th, DISA released a final memo regarding the DoDIN APL. Although brief, the subject of the document was to announce that the DoDIN APL, as it is known today, is going to sunset (cease to exist).

The following dates were referenced within the memo:

The APL program will be sunset on September 30, 2025
All testing will be completed by December 31, 2025
DISA will maintain the repository of approved DoDIN APL products through FY 2026
Any work that cannot be completed by that time will be returned to the vendor
Moving forward, cybersecurity requirements will transition to the DISA RME Vendor Security Technical Implementation Guides (STIG) program
Interoperability (IO) requirements will be identified by a soon to be updated Unified
Capabilities Requirements (UCR)-CORE document and enforced through
contractual provisions

Although this is a big change, the new direction indicates aspects of the program will remain – the most notable being STIG authoring and or testing.

This shift in the program means developing a plan and strategy to address compliance/security requirements for the DoD is now arguably more important without the APL to backup vendor claims through listings. Areas like FIPS 140-3, Common Criteria (EAL), STIG compliance, UCR conformance, etc. will be critical. These certifications will likely become increasingly relied upon as proof of security and testing by a Government program now that the DoD won’t have its own.

The time to complete STIG work (which should continue to be required for DoD sales) will be reduced and the cost will drop as well. Corsec believes it will take time for all the military agencies and offices to become aware of the change that occurred over the past few weeks. As such, it is important to talk to your customers and prospects directly.

If you would like to speak directly with a member of our team, set a time to talk to our experts.

About The DoDIN APL

For 15 years, the DoDIN APL represented the agency’s master list of secure, trusted, and approved technology infrastructure products. The DoDIN APL was developed in an effort to maintain a single consolidated list of products that have completed Interoperability (IO) and Information Assurance (IA) / Cybersecurity (CS) certification. Getting a product included on this coveted list involved a rigorous 39-step process overseen by the Approved Products Certification Office (APCO). This laborious and often confusing process involved the submission of a series of properly completed forms and product documentation, attainment of prerequisite validations, and adherence to strict scheduling guidelines and interdependencies.

About Corsec Security, Inc.

For over 27 years, Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post The DoDIN APL Program Is Ending appeared first on Corsec Security, Inc.®.