<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Corsec Security, Inc.®</title>
	<atom:link href="https://www.corsec.com/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.corsec.com/</link>
	<description>Corsec helps companies complete security certifications and validations like FIPS 140-3, Common Criteria, CSfC, &#38; the DoDIN APL / UC APL.</description>
	<lastBuildDate>Wed, 01 Jul 2026 19:39:54 +0000</lastBuildDate>
	<language>en-GB</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	

<image>
	<url>https://www.corsec.com/wp-content/uploads/cropped-Corsec-Logo-SiteMap-32x32.png</url>
	<title>Corsec Security, Inc.®</title>
	<link>https://www.corsec.com/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Post Quantum Compliance: A New White House PQC Order Impacts Federal Product Vendors</title>
		<link>https://www.corsec.com/eo-pqc/</link>
		
		<dc:creator><![CDATA[Jake Nelson]]></dc:creator>
		<pubDate>Thu, 02 Jul 2026 13:30:33 +0000</pubDate>
				<category><![CDATA[Common Criteria]]></category>
		<category><![CDATA[FIPS 140-3]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[PQC]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[STIG]]></category>
		<category><![CDATA[EO]]></category>
		<category><![CDATA[NIST]]></category>
		<guid isPermaLink="false">https://www.corsec.com/?p=22662</guid>

					<description><![CDATA[<p>The post <a href="https://www.corsec.com/eo-pqc/">Post Quantum Compliance: A New White House PQC Order Impacts Federal Product Vendors</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div class="wpb-content-wrapper"><div class="vc_row wpb_row vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<p>On June 22, 2026, the White House issued Executive Order 14412, <strong>“Securing the Nation Against Advanced Cryptographic Attacks,”</strong> signaling a major acceleration in the federal government&#8217;s transition to post-quantum cryptography (PQC). The Executive Order recognizes a growing national security concern: adversaries can collect encrypted data today and potentially decrypt it in the future once large-scale quantum computers become operational, a threat commonly referred to as <em>“harvest now, decrypt later.”</em></p>
<p>While the Order is directed primarily at federal agencies, the implications extend far beyond government networks. For technology vendors that sell into the federal market, the message is clear: <strong>quantum readiness is becoming a compliance and procurement issue, not just a technical roadmap discussion.</strong></p>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<h3>A Faster Federal Timeline for Post-Quantum Security</h3>
<div>
<p>The Executive Order directs federal agencies to accelerate their migration to NIST-approved post-quantum cryptographic standards and establish agency-wide PQC migration strategies. Agencies must inventory cryptographic assets, designate PQC migration leaders, prioritize high-value systems, and transition critical use cases to PQC by 2030 and 2031. The Order also calls for expanded guidance from NIST, NSA, and DHS, along with pilot implementations to demonstrate successful migrations.</p>
<p>Perhaps most significant for industry, the accompanying White House Fact Sheet states that the Federal Acquisition Regulatory Council will require covered contractors to meet certain federal cybersecurity standards and vulnerability disclosure requirements by the end of 2030.</p>
<div>For federal product companies, this represents another clear signal that cybersecurity certifications and validated security claims will increasingly influence procurement decisions and contract eligibility.</div>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<h3 data-start="2608" data-end="2759"><span style="font-size: 16px;">Why FIPS 140-3 Matters More Than Ever</span></h3>
<div>
<p>One of the most important details in the Executive Order is its direct reference to the <strong>Cryptographic Module Validation Program (CMVP)</strong> and <span style="color: #339966;"><a style="color: #339966;" href="https://www.corsec.com/fips-140-3/" target="_blank" rel="noopener"><strong>FIPS 140-3</strong></a></span>, the federal standard governing cryptographic modules. The Order explicitly defines the CMVP by referencing FIPS 140-3, underscoring the central role validated cryptography will play in the federal government&#8217;s PQC migration. For vendors, the challenge is not simply adopting new post-quantum algorithms.</p>
<p>The federal market will increasingly expect cryptographic implementations to be incorporated into validated cryptographic modules and supported by formal assurance programs. Organizations should begin assessing how their cryptographic architectures will evolve as post-quantum algorithms become integrated into future FIPS 140-3 validations.</p>
<p>Many vendors have historically viewed FIPS validation as a program needed only when a procurement requirement explicitly calls for it. The new Executive Order suggests a broader reality: <strong>validated cryptography is becoming foundational to federal quantum readiness.</strong></p>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<h3>The Growing Connection to Common Criteria and NIAP</h3>
<div>
<p>The Executive Order does not directly mandate <span style="color: #ff6600;"><a style="color: #ff6600;" href="https://www.corsec.com/common-criteria/" target="_blank" rel="noopener">Common Criteria certification</a></span>. However, federal agencies face a practical challenge when adopting quantum-resistant technologies: they must be confident that security functions continue to operate as intended after significant architectural changes.</p>
<p>This is where the National Information Assurance Partnership (NIAP) and Common Criteria evaluations become increasingly relevant.</p>
<p>Historically, federal procurement policies have emphasized the use of NIAP-approved products for many cybersecurity categories. Internal federal guidance has long linked the use of Common Criteria-certified products and FIPS-validated cryptography as complementary assurance mechanisms for technology acquisitions.</p>
<p>As vendors redesign security products to incorporate:</p>
<ul>
<li>Quantum-resistant key exchange</li>
<li>New digital signature algorithms</li>
<li>Hybrid cryptographic implementations</li>
<li>Updated trust architectures</li>
</ul>
<p>those changes may impact both cryptographic validation boundaries and evaluated security functionality.</p>
<p>For organizations already maintaining NIAP certifications, quantum migration should be viewed through a compliance lens rather than solely a technical one. Engineering changes introduced to support PQC may have implications for future certification maintenance, evaluation activities, and product roadmaps.</p>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<h3><span style="font-size: 16px;">What About DoD STIGs?</span></h3>
<div>
<p>The Department of Defense will face many of the same quantum migration challenges outlined in the Executive Order. Although <span style="color: #3366ff;"><a style="color: #3366ff;" href="https://www.corsec.com/stig/" target="_blank" rel="noopener">DoD Security Technical Implementation Guides (STIGs)</a></span> are not specifically addressed in the Order, they play an important role in how secure technologies are deployed within defense environments.</p>
<p>Historically, STIG requirements evolve to reflect emerging federal cybersecurity mandates and approved technologies. As NIST, NSA, and other agencies publish guidance for post-quantum implementation, vendors should expect quantum-resilient cryptography to gradually influence secure configuration baselines and deployment expectations across defense environments.</p>
<p>For products deployed within DoD environments, compliance teams should monitor future updates for:</p>
<ul>
<li>Cryptographic configuration requirements</li>
<li>Key management practices</li>
<li>Certificate and PKI guidance</li>
<li>Approved algorithm usage</li>
<li>Secure communications controls</li>
</ul>
<p>Vendors that proactively align product roadmaps with emerging federal quantum guidance will be better positioned when future requirements are incorporated into operational frameworks.</p>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<h3><span style="font-size: 16px;">Compliance Is Becoming a Competitive Advantage</span></h3>
<div>
<p>The most important takeaway from the Executive Order is that quantum readiness is no longer a distant research topic. It is entering the realm of procurement policy, cybersecurity requirements, and compliance strategy.</p>
<p>Federal buyers are not simply looking for products that support post-quantum cryptography; they will increasingly need assurance that those capabilities are implemented securely, validated appropriately, and deployable in regulated environments.</p>
<p>Organizations that begin planning now by developing a post-quantum migration strategy will be better positioned to maintain eligibility for federal opportunities as the government&#8217;s quantum transition accelerates.</p>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<p data-start="1449" data-end="1741" data-is-last-node="" data-is-only-node=""><span style="color: #339966;"><strong>To help organizations navigate PQC requirements and FiPS 140-3, <a style="color: #339966;" href="https://ww3.corsec.com/get-in-touch" target="_blank" rel="noopener">Corsec is setting calls with product vendors</a> to outline security roadmaps.</strong></span></p>

		</div>
	</div>
</div></div></div></div><div class="vc_row wpb_row vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper"><div class="vc_separator wpb_content_element vc_separator_align_center vc_sep_width_100 vc_sep_pos_align_center vc_separator_no_text vc_sep_color_grey wpb_content_element  wpb_content_element" ><span class="vc_sep_holder vc_sep_holder_l"><span class="vc_sep_line"></span></span><span class="vc_sep_holder vc_sep_holder_r"><span class="vc_sep_line"></span></span>
</div></div></div></div></div><div class="vc_row wpb_row vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper"><strong>About Corsec Security, Inc.</strong></h5>
</div>
<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p>For 28+ years Corsec has guided companies through the IT security certification process for <span style="color: #008000;"><strong><a style="color: #008000;" href="https://www.corsec.com/fips-140-2/" target="_blank" rel="noopener">FIPS 140-2</a> / <a style="color: #008000;" href="https://www.corsec.com/fips-140-3/" target="_blank" rel="noopener">FIPS 140-3</a></strong>,</span> <span style="color: #ff6600;"><a style="color: #ff6600;" href="https://www.corsec.com/common-criteria/" target="_blank" rel="noopener"><strong>Common Criteria</strong></a></span> (CC), <strong><span style="color: #872b2b;"><a style="color: #872b2b;" href="https://www.corsec.com/csfc/" target="_blank" rel="noopener">CSfC</a></span></strong>, and the <span style="color: #0000ff;"><strong>DoD (<a style="color: #0000ff;" href="https://www.corsec.com/stig/" target="_blank" rel="noopener">STIGs</a>, <a style="color: #0000ff;" href="https://www.corsec.com/dodin-apl/" target="_blank" rel="noopener">DoDIN APL, UC APL</a>)</strong></span>. From mobile devices to satellites, Corsec helps companies reduce validation risk, shorten timelines, and expand into regulated markets.</p>
</div>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<div class="wpb_text_column wpb_content_element "></div>
<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p style="text-align: center;">###</p>
</div>
</div>
</div>

		</div>
	</div>
</div></div></div></div><div class="vc_row wpb_row vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-6"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://www.corsec.com/company/contact-us/">Connect With Us:</a></strong></h5>
<p>Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – <a href="https://ww3.corsec.com/subscribe" target="_blank" rel="noopener"><span style="color: #0000ff;">Subscribe</span></a></p>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<h5 class="wpb_wrapper" style="text-align: left;"><a href="https://ww3.corsec.com/linkedin"><img decoding="async" class="alignnone" src="https://www.corsec.com/wp-content/uploads/LinkedIn.png" sizes="(max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/LinkedIn.png 128w, https://www.corsec.com/wp-content/uploads/LinkedIn-150x150.png 150w" alt="LinkedIn" width="35" height="35" /></a>     <a href="https://ww3.corsec.com/twitter"><img decoding="async" class="alignnone" title="https://ww3.corsec.com/twitter" src="https://www.corsec.com/wp-content/uploads/Twitter.png" sizes="(max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/Twitter.png 128w, https://www.corsec.com/wp-content/uploads/Twitter-150x150.png 150w" alt="Twitter" width="35" height="35" /></a>    <a href="https://ww3.corsec.com/facebook"><img decoding="async" class="alignnone" src="https://www.corsec.com/wp-content/uploads/Facebook.png" sizes="(max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/Facebook.png 128w, https://www.corsec.com/wp-content/uploads/Facebook-150x150.png 150w" alt="Facebook" width="35" height="35" /></a></h5>

		</div>
	</div>
</div></div></div><div class="wpb_column vc_column_container vc_col-sm-6"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://www.corsec.com/company/contact-us/">Press Contact:</a></strong></h5>
<p><span style="color: #3366ff;"><a style="color: #3366ff;" href="https://www.linkedin.com/in/jake-r-nelson/" target="_blank" rel="noopener">Jake Nelson</a></span><br />
Corsec Head of Marketing &amp; BD<br />
jnelson@corsec.com</p>
</div>
</div>

		</div>
	</div>
</div></div></div></div>
</div><p>The post <a href="https://www.corsec.com/eo-pqc/">Post Quantum Compliance: A New White House PQC Order Impacts Federal Product Vendors</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Fed Roundup: June 2026</title>
		<link>https://www.corsec.com/fed-june26/</link>
		
		<dc:creator><![CDATA[Jake Nelson]]></dc:creator>
		<pubDate>Wed, 01 Jul 2026 17:13:10 +0000</pubDate>
				<category><![CDATA[Algorithm Testing]]></category>
		<category><![CDATA[Common Criteria]]></category>
		<category><![CDATA[FIPS 140-3]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[STIG]]></category>
		<category><![CDATA[DISA]]></category>
		<category><![CDATA[NIAP]]></category>
		<category><![CDATA[NIST]]></category>
		<guid isPermaLink="false">https://www.corsec.com/?p=22654</guid>

					<description><![CDATA[<p>The post <a href="https://www.corsec.com/fed-june26/">Fed Roundup: June 2026</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div class="wpb-content-wrapper"><div class="vc_row wpb_row vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;">DISA News</strong></h5>
<h5 style="padding-left: 30px;"><span style="color: #000000;">Announcements:</span></h5>
<ul>
<li><a href="https://www.disa.mil/newsroom/article/20YRw00000LmMOmMAN" target="_blank" rel="noopener">DISA Chief Urges Unified Cyber Defense Teaming to Meet Emerging AI-Era Threats</a></li>
<li><a href="https://www.disa.mil/newsroom/article/20YRw00000Luaj4MAB" target="_blank" rel="noopener">DISA Unveils New Zero Trust–Driven Coalition Network Strategy to Strengthen Secure, Interoperable Warfare Operations with Allies</a></li>
<li><a href="https://www.disa.mil/newsroom/article/20YRw00000MLbG5MAL" target="_blank" rel="noopener">ReForged Creates a Faster Path from Legacy Code to AI-Enabled Warfighter Capabilities</a></li>
</ul>
<h5 style="padding-left: 30px;"><span style="color: #000000;"><a style="color: #000000;" href="https://public.cyber.mil/stigs/">Security Technical Implementation Guide Updates:</a></span></h5>
<ul>
<li data-section-id="mimdvc" data-start="795" data-end="826">Apple visionOS 26</li>
<li data-section-id="mimdvc" data-start="795" data-end="826">Apple vision OS 2</li>
<li data-section-id="mimdvc" data-start="795" data-end="826">Apple iOS/iPadOS 26 &#8211; Ver 1, Rel 3</li>
<li data-section-id="mimdvc" data-start="795" data-end="826">Samsung Android 16</li>
<li data-section-id="mimdvc" data-start="795" data-end="826">Google Android 16</li>
<li data-section-id="mimdvc" data-start="795" data-end="826">Zebra Android 14</li>
<li data-section-id="mimdvc" data-start="795" data-end="826">Google Android 15</li>
<li data-section-id="mimdvc" data-start="795" data-end="826">Google Android 14</li>
<li data-section-id="mimdvc" data-start="795" data-end="826">Apple iOS/iPadOS 18 &#8211; Ver 2, Rel 3</li>
<li data-section-id="mimdvc" data-start="795" data-end="826">Omnissa Workspace ONE UEM</li>
</ul>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://csrc.nist.gov/News">NIST News</a></strong></h5>
<h5 style="padding-left: 30px;"><span style="color: #000000;">Updates &amp; Announcements:</span></h5>
<ul>
<li>None</li>
</ul>
<h5 style="padding-left: 30px;"><span style="color: #000000;">Special Publications, Interagency Reports, &amp; Cybersecurity White Papers:</span></h5>
<ul>
<li><a href="https://csrc.nist.gov/News/2026/gcm-and-gmac-block-cipher-modes-of-operation" target="_blank" rel="noopener">2nd Call for Comments on SP 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</a></li>
<li><a href="https://csrc.nist.gov/News/2026/nist-releases-two-updated-scap-publications" target="_blank" rel="noopener">SP 800-126r4 (Revision 4), Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.4</a></li>
<li><a href="https://csrc.nist.gov/News/2026/nist-releases-two-updated-scap-publications" target="_blank" rel="noopener">SP 800-126Ar4, SCAP 1.4 Component Specification Version Updates: An Annex to NIST SP 800-126r4</a></li>
<li><a href="https://csrc.nist.gov/News/2026/ransomware-risk-management-ir-8374r1" target="_blank" rel="noopener">NIST IR 8374 Revision 1, Ransomware Risk Management: A Cybersecurity Framework (CSF) 2.0 Community Profile</a></li>
<li><a href="https://csrc.nist.gov/News/2026/pqc-updates-to-piv-standards-working-drafts" target="_blank" rel="noopener">Draft Post-Quantum Cryptography Updates to the PIV Standards</a></li>
<li><a href="https://csrc.nist.gov/News/2026/cybersecurity-for-iot-workshop-future-directions" target="_blank" rel="noopener">NIST IR 8618 “Cybersecurity for IoT Workshop: Future Directions”</a></li>
<li><a href="https://csrc.nist.gov/News/2026/now-available-ot-backup-qsg" target="_blank" rel="noopener">SP 1339, Operational Technology Backup Quick Start Guide</a></li>
<li><a href="https://csrc.nist.gov/News/2026/draft-sp-800-219r2-available-for-public-comment" target="_blank" rel="noopener">Draft SP 800-219r2 (Revision 2), Automated Secure Configuration Guidance From the macOS Security Compliance Project (mSCP)</a></li>
<li><a href="https://csrc.nist.gov/News/2026/nist-releases-sp-800-213r1-ipd" target="_blank" rel="noopener">SP 800-213r1 (Revision 1), IoT Product Cybersecurity Guidelines for the Federal Government: Establishing IoT Product Cybersecurity Requirements</a></li>
<li><a href="https://csrc.nist.gov/News/2026/cyber-for-water-wastewater-sector" target="_blank" rel="noopener">SP 1800-45, Cybersecurity for the Water and Wastewater Sector: Build Architecture</a></li>
<li><a href="https://csrc.nist.gov/News/2026/comment-on-nccoe-s-draft-ot-cybersecurity-project" target="_blank" rel="noopener">Draft Project Description Asset Management as a Foundation for OT Cybersecurity</a></li>
<li><a href="https://csrc.nist.gov/News/2026/nist-releases-sp-800-18r2" target="_blank" rel="noopener">SP 800-18r2 (Revision 2), Developing Security, Privacy, and Cybersecurity Supply Chain Risk Management Plans for Systems</a></li>
</ul>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://www.niap-ccevs.org/announcements">NIAP News</a></strong></h5>
<h5 class="wpb_wrapper" style="text-align: left; padding-left: 30px;"><span style="color: #000000;">Updates &amp; Announcements:</span></h5>
<ul>
<li>NIAP&#8217;s First Quarter 2026 Progress Report</li>
</ul>
<h5 class="wpb_wrapper" style="text-align: left; padding-left: 30px;"><span style="color: #000000;">Protection Profile Announcements:</span></h5>
<ul>
<li>None</li>
</ul>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element "></div>
<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p style="text-align: center;">###</p>
</div>
</div>

		</div>
	</div>
<div class="vc_separator wpb_content_element vc_separator_align_center vc_sep_width_100 vc_sep_pos_align_center vc_separator_no_text vc_sep_color_black wpb_content_element  wpb_content_element" ><span class="vc_sep_holder vc_sep_holder_l"><span class="vc_sep_line"></span></span><span class="vc_sep_holder vc_sep_holder_r"><span class="vc_sep_line"></span></span>
</div></div></div></div></div><div class="vc_row wpb_row vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper"><div class="vc_row wpb_row vc_inner vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-6"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://www.corsec.com/company/contact-us/">Connect With Us:</a></strong></h5>
<p>Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – <a href="https://ww3.corsec.com/subscribe"><span style="color: #0000ff;">Subscribe</span></a></p>
</div>

		</div>
	</div>
</div></div></div><div class="wpb_column vc_column_container vc_col-sm-6"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://www.corsec.com/contact-us/">Press Contact:</a></strong></h5>
<p><strong>Jake Nelson</strong><br />
Dir of Marketing<br />
Jnelson@corsec.com</p>
</div>

		</div>
	</div>
</div></div></div></div>
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element "><a href="https://www.linkedin.com/company/corsec-security"><img loading="lazy" decoding="async" src="https://www.corsec.com/wp-content/uploads/LinkedIn.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/LinkedIn.png 128w, https://www.corsec.com/wp-content/uploads/LinkedIn-150x150.png 150w" alt="LinkedIn" width="35" height="35" />     </a><a href="https://twitter.com/CorsecSecurity"><img loading="lazy" decoding="async" src="https://www.corsec.com/wp-content/uploads/Twitter.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/Twitter.png 128w, https://www.corsec.com/wp-content/uploads/Twitter-150x150.png 150w" alt="Twitter" width="35" height="35" />     </a><a href="https://www.facebook.com/Corsec-158518584300710/"><img loading="lazy" decoding="async" src="https://www.corsec.com/wp-content/uploads/Facebook.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/Facebook.png 128w, https://www.corsec.com/wp-content/uploads/Facebook-150x150.png 150w" alt="Facebook" width="35" height="35" /></a></div>

		</div>
	</div>
</div></div></div></div>
</div><p>The post <a href="https://www.corsec.com/fed-june26/">Fed Roundup: June 2026</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>FIPS 140-3 Validated: Citrix (CSG) NetScaler MPX Product Secured</title>
		<link>https://www.corsec.com/citrix-fips/</link>
		
		<dc:creator><![CDATA[Jake Nelson]]></dc:creator>
		<pubDate>Fri, 19 Jun 2026 20:39:48 +0000</pubDate>
				<category><![CDATA[Customers]]></category>
		<category><![CDATA[FIPS 140-3]]></category>
		<category><![CDATA[CMVP]]></category>
		<category><![CDATA[FIPS]]></category>
		<category><![CDATA[NIST]]></category>
		<category><![CDATA[Secure Products]]></category>
		<guid isPermaLink="false">https://www.corsec.com/?p=22647</guid>

					<description><![CDATA[<p>The post <a href="https://www.corsec.com/citrix-fips/">FIPS 140-3 Validated: Citrix (CSG) NetScaler MPX Product Secured</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div class="wpb-content-wrapper"><div class="vc_row wpb_row vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p>Corsec would like to congratulate our partner, Citrix (Cloud Software Group), on completing the Federal Information Processing Standard Publication 140-3 (<span style="color: #008000;"><a style="color: #008000;" href="https://www.corsec.com/fips-140-3/" target="_blank" rel="noopener">FIPS 140-3</a></span>) validation process on their NetScaler MPX product. Completion of the FIPS 140-3 validation process provides reassurance and third-party confirmation that the product meets rigorous government security requirements for protecting sensitive data.</p>
<p>To achieve this benchmark, Citrix partnered with Corsec, completing the validation at a Level 2 as seen in certificate #<a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5342" target="_blank" rel="noopener">5342</a>. For more information on the validation and to find additional details on the module’s security policy, visit <a href="https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Validated-Modules/Search" target="_blank" rel="noopener">NIST’s validated modules site</a>.</p>
<p>To learn how to engineer your product to meet federal and regulated industry requirements—and avoid common certification delays, <a href="https://www.corsec.com/contact-us/" target="_blank" rel="noopener">schedule time to speak to a Corsec engineer</a>.</p>
</div>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<h5><strong><span class="s3">About FIPS 140</span></strong></h5>
</div>
</div>
<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p><span style="color: #008000;"><a style="color: #008000;" href="https://www.corsec.com/fips-140-2/" target="_blank" rel="noopener">FIPS 140-2</a></span> / <span style="color: #008000;"><a style="color: #008000;" href="https://www.corsec.com/fips-140-3/" target="_blank" rel="noopener">FIPS 140-3</a></span> are a joint effort by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.</p>
<p>FIPS 140 is mandated by law in the U.S. and very strictly enforced in Canada. FIPS 140 has gained worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. A FIPS 140 validation of a product provides end users with a high degree of product security, assurance, and dependability.</p>
</div>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5><strong>About the Citrix NetScaler MPX Product</strong></h5>
</div>
<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p>The NetScaler product line optimizes delivery of applications over the Internet and private networks. It is an Application Delivery Controller (ADC) that performs application-specific traffic analysis to intelligently distribute, optimize, and secure L4-L7 network traffic for web-applications. All these capabilities are combined into a single, integrated appliance for increased productivity, with lower overall total cost of ownership.</p>
<p>The NetScaler MPX is a hardware appliance consisting of a control plane processing function (providing all configuration and management processing functions) and multiple data planes which provide data packet processing functions.</p>
</div>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper"><strong>About Corsec Security, Inc.</strong></h5>
</div>
<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p>For over 28 years, Corsec has guided companies through complex security certifications, like <span style="color: #008000;"><strong><a style="color: #008000;" href="https://www.corsec.com/fips-140-2/" target="_blank" rel="noopener">FIPS 140-2</a> / <a style="color: #008000;" href="https://www.corsec.com/fips-140-3/" target="_blank" rel="noopener">FIPS 140-3</a></strong>,</span> <span style="color: #ff6600;"><a style="color: #ff6600;" href="https://www.corsec.com/common-criteria/" target="_blank" rel="noopener"><strong>Common Criteria</strong></a></span> (CC), <strong><span style="color: #872b2b;"><a style="color: #872b2b;" href="https://www.corsec.com/csfc/" target="_blank" rel="noopener">CSfC</a></span></strong>, and <strong><span style="color: #3366ff;"><a style="color: #3366ff;" href="https://www.corsec.com/stig/" target="_blank" rel="noopener">DoD STIG</a> / </span><a href="https://www.corsec.com/dodin-apl/" target="_blank" rel="noopener"><span style="color: #3366ff;">DoDIN APL</span></a></strong>.</p>
<p>Corsec’s end-to-end approach helps organizations reduce risk, avoid certification delays, and accelerate time to market. From mobile devices to satellites, our expertise ensures a more predictable and efficient path to validation.</p>
</div>
</div>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element "></div>
<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p style="text-align: center;">###</p>
</div>
</div>

		</div>
	</div>
<div class="vc_separator wpb_content_element vc_separator_align_center vc_sep_width_100 vc_sep_pos_align_center vc_separator_no_text vc_sep_color_grey wpb_content_element  wpb_content_element" ><span class="vc_sep_holder vc_sep_holder_l"><span class="vc_sep_line"></span></span><span class="vc_sep_holder vc_sep_holder_r"><span class="vc_sep_line"></span></span>
</div><div class="vc_row wpb_row vc_inner vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-6"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://www.corsec.com/company/contact-us/">Connect With Us:</a></strong></h5>
<p>Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – <a href="https://ww3.corsec.com/subscribe" target="_blank" rel="noopener"><span style="color: #0000ff;">Subscribe</span></a></p>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<p><a href="https://ww3.corsec.com/linkedin"><img loading="lazy" decoding="async" class="alignnone" src="https://www.corsec.com/wp-content/uploads/LinkedIn.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/LinkedIn.png 128w, https://www.corsec.com/wp-content/uploads/LinkedIn-150x150.png 150w" alt="LinkedIn" width="35" height="35" /></a>     <a href="https://ww3.corsec.com/twitter"><img loading="lazy" decoding="async" class="alignnone" title="https://ww3.corsec.com/twitter" src="https://www.corsec.com/wp-content/uploads/Twitter.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/Twitter.png 128w, https://www.corsec.com/wp-content/uploads/Twitter-150x150.png 150w" alt="Twitter" width="35" height="35" /></a>    <a href="https://ww3.corsec.com/facebook"><img loading="lazy" decoding="async" class="alignnone" src="https://www.corsec.com/wp-content/uploads/Facebook.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/Facebook.png 128w, https://www.corsec.com/wp-content/uploads/Facebook-150x150.png 150w" alt="Facebook" width="35" height="35" /></a></p>

		</div>
	</div>
</div></div></div><div class="wpb_column vc_column_container vc_col-sm-6"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://www.corsec.com/company/contact-us/">Press Contact:</a></strong></h5>
<p><span style="color: #3366ff;"><a style="color: #3366ff;" href="https://www.linkedin.com/in/jake-r-nelson/" target="_blank" rel="noopener">Jake Nelson</a></span><br />
Corsec Director of Marketing<br />
jnelson@corsec.com</p>

		</div>
	</div>
</div></div></div></div></div></div></div></div>
</div><p>The post <a href="https://www.corsec.com/citrix-fips/">FIPS 140-3 Validated: Citrix (CSG) NetScaler MPX Product Secured</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Stryker Reaches New Security Milestone, Completes FIPS 140-3 Validation of Badge Crypto Module</title>
		<link>https://www.corsec.com/stryker-fips/</link>
		
		<dc:creator><![CDATA[Jake Nelson]]></dc:creator>
		<pubDate>Thu, 18 Jun 2026 20:30:51 +0000</pubDate>
				<category><![CDATA[Customers]]></category>
		<category><![CDATA[FIPS 140-3]]></category>
		<category><![CDATA[CMVP]]></category>
		<category><![CDATA[FIPS]]></category>
		<category><![CDATA[FIPS 14-3]]></category>
		<category><![CDATA[NIST]]></category>
		<category><![CDATA[Secure Products]]></category>
		<guid isPermaLink="false">https://www.corsec.com/?p=22641</guid>

					<description><![CDATA[<p>The post <a href="https://www.corsec.com/stryker-fips/">Stryker Reaches New Security Milestone, Completes FIPS 140-3 Validation of Badge Crypto Module</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div class="wpb-content-wrapper"><div class="vc_row wpb_row vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p>Corsec would like to congratulate our partner, Stryker Corporation, on completing the Federal Information Processing Standard Publication 140-3 (<span style="color: #008000;"><a style="color: #008000;" href="https://www.corsec.com/fips-140-3/" target="_blank" rel="noopener">FIPS 140-3</a></span>) validation process on their Stryker Badge Cryptographic Module. Completion of the FIPS 140-3 validation process provides reassurance and third-party confirmation that the module meets rigorous government security requirements for protecting sensitive data.</p>
<p>To achieve this benchmark, Stryker partnered with Corsec, completing the validation at a Level 1 as seen in certificate #<a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5336" target="_blank" rel="noopener">5336</a>. For more information on the validation and to find additional details on the module’s security policy, visit <a href="https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Validated-Modules/Search" target="_blank" rel="noopener">NIST’s validated modules site</a>.</p>
<p>To learn how to engineer your product to meet federal and regulated industry requirements—and avoid common certification delays, <a href="https://www.corsec.com/contact-us/" target="_blank" rel="noopener">schedule time to speak to a Corsec engineer</a>.</p>
</div>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<h5><strong><span class="s3">About FIPS 140</span></strong></h5>
</div>
</div>
<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p><span style="color: #008000;"><a style="color: #008000;" href="https://www.corsec.com/fips-140-2/" target="_blank" rel="noopener">FIPS 140-2</a></span> / <span style="color: #008000;"><a style="color: #008000;" href="https://www.corsec.com/fips-140-3/" target="_blank" rel="noopener">FIPS 140-3</a></span> are a joint effort by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.</p>
<p>FIPS 140 is mandated by law in the U.S. and very strictly enforced in Canada. FIPS 140 has gained worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. A FIPS 140 validation of a product provides end users with a high degree of product security, assurance, and dependability.</p>
</div>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5><strong>About Stryker Corporation and Their Stryker Badge Cryptographic Module</strong></h5>
</div>
<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p>Stryker Corporation is a global leader in medical technologies, offering innovative products and services in medsurg, neurotechnology, orthopedics, and spine that help improve patient and healthcare outcomes.</p>
<p>Stryker’s Vocera Badges are wearable communication devices that enable clinician agility and accelerate patient care. Small and lightweight, the Vocera Badges redefine healthcare communications by bringing together voice calling, secure messaging, alerts, and alarms in a lightweight wearable. Communications are protected via industry standard secure wireless communications protocols.</p>
<p>The Stryker Badge Cryptographic Module is a firmware module that is installed on the badge, and badge applications can leverage the module’s cryptographic services (including encryption/decryption, hashing, digital signature functions, and random number generation) needed to support secure communications.</p>
</div>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper"><strong>About Corsec Security, Inc.</strong></h5>
</div>
<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p>For over 28 years, Corsec has guided companies through complex security certifications, like <span style="color: #008000;"><strong><a style="color: #008000;" href="https://www.corsec.com/fips-140-2/" target="_blank" rel="noopener">FIPS 140-2</a> / <a style="color: #008000;" href="https://www.corsec.com/fips-140-3/" target="_blank" rel="noopener">FIPS 140-3</a></strong>,</span> <span style="color: #ff6600;"><a style="color: #ff6600;" href="https://www.corsec.com/common-criteria/" target="_blank" rel="noopener"><strong>Common Criteria</strong></a></span> (CC), <strong><span style="color: #872b2b;"><a style="color: #872b2b;" href="https://www.corsec.com/csfc/" target="_blank" rel="noopener">CSfC</a></span></strong>, and <strong><span style="color: #3366ff;"><a style="color: #3366ff;" href="https://www.corsec.com/stig/" target="_blank" rel="noopener">DoD STIG</a> / </span><a href="https://www.corsec.com/dodin-apl/" target="_blank" rel="noopener"><span style="color: #3366ff;">DoDIN APL</span></a></strong>.</p>
<p>Corsec’s end-to-end approach helps organizations reduce risk, avoid certification delays, and accelerate time to market. From mobile devices to satellites, our expertise ensures a more predictable and efficient path to validation.</p>
</div>
</div>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element "></div>
<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p style="text-align: center;">###</p>
</div>
</div>

		</div>
	</div>
<div class="vc_separator wpb_content_element vc_separator_align_center vc_sep_width_100 vc_sep_pos_align_center vc_separator_no_text vc_sep_color_grey wpb_content_element  wpb_content_element" ><span class="vc_sep_holder vc_sep_holder_l"><span class="vc_sep_line"></span></span><span class="vc_sep_holder vc_sep_holder_r"><span class="vc_sep_line"></span></span>
</div><div class="vc_row wpb_row vc_inner vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-6"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://www.corsec.com/company/contact-us/">Connect With Us:</a></strong></h5>
<p>Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – <a href="https://ww3.corsec.com/subscribe" target="_blank" rel="noopener"><span style="color: #0000ff;">Subscribe</span></a></p>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<p><a href="https://ww3.corsec.com/linkedin"><img loading="lazy" decoding="async" class="alignnone" src="https://www.corsec.com/wp-content/uploads/LinkedIn.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/LinkedIn.png 128w, https://www.corsec.com/wp-content/uploads/LinkedIn-150x150.png 150w" alt="LinkedIn" width="35" height="35" /></a>     <a href="https://ww3.corsec.com/twitter"><img loading="lazy" decoding="async" class="alignnone" title="https://ww3.corsec.com/twitter" src="https://www.corsec.com/wp-content/uploads/Twitter.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/Twitter.png 128w, https://www.corsec.com/wp-content/uploads/Twitter-150x150.png 150w" alt="Twitter" width="35" height="35" /></a>    <a href="https://ww3.corsec.com/facebook"><img loading="lazy" decoding="async" class="alignnone" src="https://www.corsec.com/wp-content/uploads/Facebook.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/Facebook.png 128w, https://www.corsec.com/wp-content/uploads/Facebook-150x150.png 150w" alt="Facebook" width="35" height="35" /></a></p>

		</div>
	</div>
</div></div></div><div class="wpb_column vc_column_container vc_col-sm-6"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://www.corsec.com/company/contact-us/">Press Contact:</a></strong></h5>
<p><span style="color: #3366ff;"><a style="color: #3366ff;" href="https://www.linkedin.com/in/jake-r-nelson/" target="_blank" rel="noopener">Jake Nelson</a></span><br />
Corsec Director of Marketing<br />
jnelson@corsec.com</p>

		</div>
	</div>
</div></div></div></div></div></div></div></div>
</div><p>The post <a href="https://www.corsec.com/stryker-fips/">Stryker Reaches New Security Milestone, Completes FIPS 140-3 Validation of Badge Crypto Module</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Fed Roundup: May 2026</title>
		<link>https://www.corsec.com/fed-may26/</link>
		
		<dc:creator><![CDATA[Jake Nelson]]></dc:creator>
		<pubDate>Tue, 02 Jun 2026 18:22:08 +0000</pubDate>
				<category><![CDATA[Algorithm Testing]]></category>
		<category><![CDATA[Common Criteria]]></category>
		<category><![CDATA[FIPS 140-3]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[STIG]]></category>
		<category><![CDATA[CMVP]]></category>
		<category><![CDATA[DISA]]></category>
		<category><![CDATA[NIAP]]></category>
		<category><![CDATA[NIST]]></category>
		<guid isPermaLink="false">https://www.corsec.com/?p=22602</guid>

					<description><![CDATA[<p>The post <a href="https://www.corsec.com/fed-may26/">Fed Roundup: May 2026</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div class="wpb-content-wrapper"><div class="vc_row wpb_row vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;">DISA News</strong></h5>
<h5 style="padding-left: 30px;"><span style="color: #000000;">Announcements:</span></h5>
<ul>
<li>Launched new Acquisition Decisions LinkedIn newsletter</li>
<li>Strong push on skills-based hiring for cyber roles</li>
<li>Moving beyond resumes to validated technical assessments</li>
<li>Accelerated hiring tied to live events (e.g., TechNet Cyber)</li>
<li>Heavy promotion of TechNet Cyber 2026</li>
<li>Ongoing emphasis on strengthening industry partnerships through increased transparency and accessibility for vendors via new comms channels</li>
<li>A shift towards modernizing industry engagement, hiring of cyber talent, and communication of opportunities</li>
</ul>
<h5 style="padding-left: 30px;"><span style="color: #000000;"><a style="color: #000000;" href="https://public.cyber.mil/stigs/">Security Technical Implementation Guide Updates:</a></span></h5>
<ul>
<li data-section-id="mimdvc" data-start="795" data-end="826">None</li>
</ul>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://csrc.nist.gov/News">NIST News</a></strong></h5>
<h5 style="padding-left: 30px;"><span style="color: #000000;">Updates &amp; Announcements:</span></h5>
<ul>
<li><a href="https://csrc.nist.gov/News/2026/nist-advances-9-candidates-to-the-3rd-round-of-pqc" target="_blank" rel="noopener">&#8220;Nine Candidates Advance to the Third Round of the Additional Digital Signatures for the PQC Standardization Process&#8221;</a></li>
</ul>
<h5 style="padding-left: 30px;"><span style="color: #000000;">Special Publications, Interagency Reports, &amp; Cybersecurity White Papers:</span></h5>
<ul>
<li><a href="https://csrc.nist.gov/News/2026/nist-releases-sp-800-234" target="_blank" rel="noopener">SP 800-234, High-Performance Computing (HPC) Security Overlay</a></li>
<li><a href="https://csrc.nist.gov/News/2026/techniques-for-key-wrapping" target="_blank" rel="noopener">Pre-Draft Call for Comments on Revision to SP 800-38F, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping (2012)</a></li>
<li><a href="https://csrc.nist.gov/News/2026/nist-releases-nistir-8323-rev-2" target="_blank" rel="noopener">Draft IR 8323 Revision 2, Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT)</a></li>
<li><a href="https://csrc.nist.gov/News/2026/tls-comment-on-sp-800-52-rev-2" target="_blank" rel="noopener">Call for Comments on SP 800-52 Rev. 2, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations (2019)</a></li>
<li><a href="https://csrc.nist.gov/News/2026/final-nist-sp-800-70r5-is-available" target="_blank" rel="noopener">SP 800-70r5 (Revision 5), National Checklist Program for IT Products – Guidelines for Checklist Users and Developers</a></li>
<li><a href="https://csrc.nist.gov/pubs/sp/800/172/r3/final" target="_blank" rel="noopener">SP 800-172r3 (Revision 3), Enhanced Security Requirements for Protecting Controlled Unclassified Information</a></li>
<li><a href="https://csrc.nist.gov/pubs/sp/800/172/a/r3/final" target="_blank" rel="noopener">SP 800-172Ar3 (Revision 3), Assessing Enhanced Security Requirements for Controlled Unclassified Information</a></li>
<li><a href="https://csrc.nist.gov/News/2026/secure-deployment-of-restful-web-apis" target="_blank" rel="noopener">Draft SP 800-228A, Guidelines for the Secure Deployment of RESTful Web APIs</a></li>
<li><a href="https://csrc.nist.gov/News/2026/nist-ir-8500a-ipd-available-for-public-comment" target="_blank" rel="noopener">IR 8500A IPD, Blockchain-Based Secure Software Assets Management (BloSS@M)</a></li>
<li><a href="https://csrc.nist.gov/News/2026/nist-sp-1800-41-released-for-public-comment" target="_blank" rel="noopener">IPD of SP 1800-41, Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector</a></li>
<li><a href="https://csrc.nist.gov/News/2026/fy-2025-cybersecurity-annual-report" target="_blank" rel="noopener">SP 800-238, Fiscal Year 2025 Annual Report for NIST Cybersecurity and Privacy Program</a></li>
<li><a href="https://csrc.nist.gov/News/2026/draft-nist-ir-hardware-enabled-security" target="_blank" rel="noopener">NIST IR 8320E IPD, Hardware-Enabled Security: Confidential Computing of Data in Cloud Workloads</a></li>
</ul>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://www.niap-ccevs.org/announcements">NIAP News</a></strong></h5>
<h5 class="wpb_wrapper" style="text-align: left; padding-left: 30px;"><span style="color: #000000;">Updates &amp; Announcements:</span></h5>
<ul>
<li>NIAP CCEVS Policy #29: Addendum for Certificate Length Updates</li>
</ul>
<h5 class="wpb_wrapper" style="text-align: left; padding-left: 30px;"><span style="color: #000000;">Protection Profile Announcements:</span></h5>
<ul>
<li>Published &#8211; Virtualization Version 2.0</li>
</ul>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element "></div>
<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p style="text-align: center;">###</p>
</div>
</div>

		</div>
	</div>
<div class="vc_separator wpb_content_element vc_separator_align_center vc_sep_width_100 vc_sep_pos_align_center vc_separator_no_text vc_sep_color_black wpb_content_element  wpb_content_element" ><span class="vc_sep_holder vc_sep_holder_l"><span class="vc_sep_line"></span></span><span class="vc_sep_holder vc_sep_holder_r"><span class="vc_sep_line"></span></span>
</div></div></div></div></div><div class="vc_row wpb_row vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper"><div class="vc_row wpb_row vc_inner vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-6"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://www.corsec.com/company/contact-us/">Connect With Us:</a></strong></h5>
<p>Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – <a href="https://ww3.corsec.com/subscribe"><span style="color: #0000ff;">Subscribe</span></a></p>
</div>

		</div>
	</div>
</div></div></div><div class="wpb_column vc_column_container vc_col-sm-6"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://www.corsec.com/contact-us/">Press Contact:</a></strong></h5>
<p><strong>Jake Nelson</strong><br />
Dir of Marketing<br />
Jnelson@corsec.com</p>
</div>

		</div>
	</div>
</div></div></div></div>
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element "><a href="https://www.linkedin.com/company/corsec-security"><img loading="lazy" decoding="async" src="https://www.corsec.com/wp-content/uploads/LinkedIn.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/LinkedIn.png 128w, https://www.corsec.com/wp-content/uploads/LinkedIn-150x150.png 150w" alt="LinkedIn" width="35" height="35" />     </a><a href="https://twitter.com/CorsecSecurity"><img loading="lazy" decoding="async" src="https://www.corsec.com/wp-content/uploads/Twitter.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/Twitter.png 128w, https://www.corsec.com/wp-content/uploads/Twitter-150x150.png 150w" alt="Twitter" width="35" height="35" />     </a><a href="https://www.facebook.com/Corsec-158518584300710/"><img loading="lazy" decoding="async" src="https://www.corsec.com/wp-content/uploads/Facebook.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/Facebook.png 128w, https://www.corsec.com/wp-content/uploads/Facebook-150x150.png 150w" alt="Facebook" width="35" height="35" /></a></div>

		</div>
	</div>
</div></div></div></div>
</div><p>The post <a href="https://www.corsec.com/fed-may26/">Fed Roundup: May 2026</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>HP Inc Completes FIPS 140-3 Validation of HP Poly Crypto Module</title>
		<link>https://www.corsec.com/hp-fips/</link>
		
		<dc:creator><![CDATA[Jake Nelson]]></dc:creator>
		<pubDate>Fri, 15 May 2026 18:30:19 +0000</pubDate>
				<category><![CDATA[Customers]]></category>
		<category><![CDATA[FIPS 140-3]]></category>
		<category><![CDATA[CMVP]]></category>
		<category><![CDATA[FIPS]]></category>
		<category><![CDATA[NIST]]></category>
		<category><![CDATA[Secured Products]]></category>
		<guid isPermaLink="false">https://www.corsec.com/?p=22583</guid>

					<description><![CDATA[<p>The post <a href="https://www.corsec.com/hp-fips/">HP Inc Completes FIPS 140-3 Validation of HP Poly Crypto Module</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div class="wpb-content-wrapper"><div class="vc_row wpb_row vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p>Corsec would like to congratulate our partner, Hewlett Packard, Inc., on completing the Federal Information Processing Standard Publication 140-3 (<span style="color: #008000;"><a style="color: #008000;" href="https://www.corsec.com/fips-140-3/" target="_blank" rel="noopener">FIPS 140-3</a></span>) validation process on their HP Poly Cryptographic Module. Completion of the FIPS 140-3 validation process provides reassurance and confirmation to users of the protection of sensitive information within their environment.</p>
<p>To achieve this benchmark, HP partnered with Corsec, completing the validation at a Level 1 as seen in certificate #<a href="https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5011" target="_blank" rel="noopener">5011</a>. For more information on the validation and to find additional details on the module’s security policy, visit <a href="https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Validated-Modules/Search" target="_blank" rel="noopener">NIST’s validated modules site</a>.</p>
<p>To learn more about engineering your product to meet Federal and regulated industry security requirements, <a href="https://www.corsec.com/contact-us/" target="_blank" rel="noopener">schedule time to speak to a Corsec engineer</a>.</p>
</div>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<h5><strong><span class="s3">About FIPS 140</span></strong></h5>
</div>
</div>
<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p><span style="color: #008000;"><a style="color: #008000;" href="https://www.corsec.com/fips-140-2/" target="_blank" rel="noopener">FIPS 140-2</a></span> / <span style="color: #008000;"><a style="color: #008000;" href="https://www.corsec.com/fips-140-3/" target="_blank" rel="noopener">FIPS 140-3</a></span> are a joint effort by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.</p>
<p>FIPS 140 is mandated by law in the U.S. and very strictly enforced in Canada. FIPS 140 has gained worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. A FIPS 140 validation of a product provides end users with a high degree of product security, assurance, and dependability.</p>
</div>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5><strong>About the HP Poly Cryptographic Module</strong></h5>
</div>
<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p>The HP Poly Cryptographic Module is an open-source, general-purpose cryptographic library which provides approved cryptographic algorithms to serve BoringSSL and other user-space applications. The module is intended for use in a variety of environments and any general-purpose environment that requires cryptographic primitives.</p>
</div>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper"><strong>About Corsec Security, Inc.</strong></h5>
</div>
<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p>For over 28 years, Corsec<strong> </strong>has assisted companies through the IT security certification process for <span style="color: #008000;"><strong><a style="color: #008000;" href="https://www.corsec.com/fips-140-2/" target="_blank" rel="noopener">FIPS 140-2</a> / <a style="color: #008000;" href="https://www.corsec.com/fips-140-3/" target="_blank" rel="noopener">FIPS 140-3</a></strong>,</span> <span style="color: #ff6600;"><a style="color: #ff6600;" href="https://www.corsec.com/common-criteria/" target="_blank" rel="noopener"><strong>Common Criteria</strong></a></span> (CC), <strong><span style="color: #872b2b;"><a style="color: #872b2b;" href="https://www.corsec.com/csfc/" target="_blank" rel="noopener">CSfC</a></span></strong>, and <strong><span style="color: #3366ff;"><a style="color: #3366ff;" href="https://www.corsec.com/stig/" target="_blank" rel="noopener">DoD STIG</a> / </span><a href="https://www.corsec.com/dodin-apl/" target="_blank" rel="noopener"><span style="color: #3366ff;">DoDIN APL</span></a></strong>. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.</p>
</div>
</div>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element "></div>
<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p style="text-align: center;">###</p>
</div>
</div>

		</div>
	</div>
<div class="vc_separator wpb_content_element vc_separator_align_center vc_sep_width_100 vc_sep_pos_align_center vc_separator_no_text vc_sep_color_grey wpb_content_element  wpb_content_element" ><span class="vc_sep_holder vc_sep_holder_l"><span class="vc_sep_line"></span></span><span class="vc_sep_holder vc_sep_holder_r"><span class="vc_sep_line"></span></span>
</div><div class="vc_row wpb_row vc_inner vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-6"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://www.corsec.com/company/contact-us/">Connect With Us:</a></strong></h5>
<p>Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – <a href="https://ww3.corsec.com/subscribe" target="_blank" rel="noopener"><span style="color: #0000ff;">Subscribe</span></a></p>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<p><a href="https://ww3.corsec.com/linkedin"><img loading="lazy" decoding="async" class="alignnone" src="https://www.corsec.com/wp-content/uploads/LinkedIn.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/LinkedIn.png 128w, https://www.corsec.com/wp-content/uploads/LinkedIn-150x150.png 150w" alt="LinkedIn" width="35" height="35" /></a>     <a href="https://ww3.corsec.com/twitter"><img loading="lazy" decoding="async" class="alignnone" title="https://ww3.corsec.com/twitter" src="https://www.corsec.com/wp-content/uploads/Twitter.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/Twitter.png 128w, https://www.corsec.com/wp-content/uploads/Twitter-150x150.png 150w" alt="Twitter" width="35" height="35" /></a>    <a href="https://ww3.corsec.com/facebook"><img loading="lazy" decoding="async" class="alignnone" src="https://www.corsec.com/wp-content/uploads/Facebook.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/Facebook.png 128w, https://www.corsec.com/wp-content/uploads/Facebook-150x150.png 150w" alt="Facebook" width="35" height="35" /></a></p>

		</div>
	</div>
</div></div></div><div class="wpb_column vc_column_container vc_col-sm-6"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://www.corsec.com/company/contact-us/">Press Contact:</a></strong></h5>
<p><span style="color: #3366ff;"><a style="color: #3366ff;" href="https://www.linkedin.com/in/jake-r-nelson/" target="_blank" rel="noopener">Jake Nelson</a></span><br />
Corsec Director of Marketing<br />
jnelson@corsec.com</p>

		</div>
	</div>
</div></div></div></div></div></div></div></div>
</div><p>The post <a href="https://www.corsec.com/hp-fips/">HP Inc Completes FIPS 140-3 Validation of HP Poly Crypto Module</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Deconstructing Common Criteria: Myth #5</title>
		<link>https://www.corsec.com/common-criteria-myth-5/</link>
		
		<dc:creator><![CDATA[Mary Broerman]]></dc:creator>
		<pubDate>Thu, 07 May 2026 14:12:48 +0000</pubDate>
				<category><![CDATA[Blog]]></category>
		<category><![CDATA[Common Criteria]]></category>
		<category><![CDATA[EUCC]]></category>
		<category><![CDATA[Certification Strategy]]></category>
		<category><![CDATA[EU Common Criteria]]></category>
		<category><![CDATA[Product Security Certification]]></category>
		<guid isPermaLink="false">https://www.corsec.com/?p=22547</guid>

					<description><![CDATA[<p>The post <a href="https://www.corsec.com/common-criteria-myth-5/">Deconstructing Common Criteria: Myth #5</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div class="wpb-content-wrapper"><div class="vc_row wpb_row vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<p data-start="125" data-end="524">As cybersecurity frameworks continue to evolve, organizations that are already familiar with <span style="color: #ff6600;"><a style="color: #ff6600;" href="https://www.corsec.com/common-criteria/" target="_blank" rel="noopener">Common Criteria</a></span> may find themselves navigating new terminology, regional initiatives, and emerging certification schemes. With the introduction of European Union efforts, it can feel as though an entirely new framework is taking shape that requires a fresh approach to evaluation and compliance.</p>
<p data-start="526" data-end="599">But is this truly a new system, or a continuation of what already exists?</p>
<p data-start="601" data-end="927">A common misconception is that European Union Common Criteria represents a complete departure from the established certification model. In reality, these initiatives are built upon the same foundational principles, with adjustments that reflect regional priorities and regulatory direction rather than a wholesale reinvention.</p>
<p data-start="929" data-end="1403" data-is-last-node="" data-is-only-node="">This post is the fifth and final installment in our series, <a href="https://www.corsec.com/cc-myths/" target="_blank" rel="noopener"><em>Deconstructing Common Criteria: 5 Myths and Realities</em></a><em>,</em> which explores the assumptions that shape how organizations approach certification. While each post stands on its own, together they illustrate how Common Criteria continues to evolve—highlighting not only how organizations achieve certification, but how they adapt to changes that influence long-term strategy, global market access, and ongoing compliance.</p>
<hr />
<h3 data-section-id="mfpduf" data-start="1641" data-end="1739">Myth #5: European Union Common Criteria is a completely new certification framework.</h3>
<p data-start="1012" data-end="1221">At first glance, the European Union’s approach to cybersecurity certification—often associated with terms like “EUCC” or frameworks tied to the Cybersecurity Act—can appear to introduce an entirely new system.</p>
<p data-start="1223" data-end="1436">This perception is understandable. New governance structures, updated terminology, and evolving regulatory drivers can make it seem like organizations must start from scratch when pursuing certification in the EU.</p>
<h3 data-section-id="1vvs0d5" data-start="2112" data-end="2193">Reality: EU certification builds on existing Common Criteria foundations—it does not replace them</h3>
<p data-start="1549" data-end="1707">Despite the new terminology and regulatory context, European Union certification efforts are not a departure from Common Criteria—they are an evolution of it. The EUCC is simply the scheme that is performing evaluations under Common Criteria.</p>
<p data-start="1709" data-end="1981">Common Criteria itself is already an internationally recognized framework used to evaluate the security of IT products, with mutual recognition across participating countries under the Common Criteria Recognition Arrangement (CCRA).</p>
<p data-start="1983" data-end="2150">What the European Union is doing is leveraging that existing foundation and adapting it to align with regional policy goals, regulatory oversight, and assurance needs.</p>
<hr />
<h3 data-start="2608" data-end="2759">Understanding What’s Actually Changing</h3>
<ul>
<li><span role="text"><strong data-start="2365" data-end="2426">Governance and Oversight Are Becoming More Centralized</strong></span></li>
</ul>
<p data-start="2427" data-end="2498">One of the most noticeable shifts is organizational. EU initiatives introduce more centralized governance and coordination across member states. This can influence how certifications are managed, reviewed, and maintained, but it does not fundamentally change the underlying evaluation methodology. It is still Common Criteria.</p>
<ul>
<li><strong>Alignment with Broader EU Cybersecurity Policy</strong></li>
</ul>
<p data-start="2809" data-end="2995">European certification frameworks are being shaped to support broader regulatory efforts, such as supply chain security, digital sovereignty, and risk management across critical sectors.</p>
<p data-start="2997" data-end="3170">This means certification may be more tightly integrated into compliance requirements—but again, the technical evaluation roots remain grounded in Common Criteria.</p>
<ul>
<li data-start="2997" data-end="3170"><strong>Continued Reliance on Established Evaluation Concepts</strong></li>
</ul>
<p data-start="3242" data-end="3295">Common Criteria elements still apply, including Defined security requirements (e.g., Protection Profiles or Security Targets), Independent lab evaluations, Certification by an authoritative body and international recognition mechanisms. These are not new concepts as they are the same building blocks organizations have been working with for years.</p>
<ul>
<li data-start="3224" data-end="3374"><strong>Potential for Expanded Assurance and Lifecycle Expectations</strong></li>
</ul>
<p data-start="3721" data-end="3787">Where organizations may see differences is in expectations around ongoing assurance and maintenance, certification lifecycle management and alignment with evolving regulatory requirements. These shifts reflect changing risk environments instead of a replacement of the certification framework itself.</p>
<hr data-start="1636" data-end="1639" />
<h3 data-start="6348" data-end="6684">What This Means for Your Certification Strategy</h3>
<p data-start="4530" data-end="4655">Understanding that EU certification efforts are an extension—not a replacement—of Common Criteria has important implications:</p>
<ul data-start="4657" data-end="4953">
<li data-section-id="18aug0l" data-start="4657" data-end="4730">You can <strong data-start="4667" data-end="4728">leverage existing Common Criteria knowledge and artifacts</strong></li>
<li data-section-id="fg0rvm" data-start="4731" data-end="4795">You should <strong data-start="4744" data-end="4773">plan for regional nuances</strong>, not a full restart</li>
<li data-section-id="1fmazil" data-start="4796" data-end="4877">Early alignment can help avoid <strong data-start="4829" data-end="4875">duplicate work or conflicting requirements</strong></li>
<li data-section-id="ixqgbt" data-start="4878" data-end="4953">A unified strategy can support <strong data-start="4911" data-end="4953">both global and regional market access</strong></li>
</ul>
<p data-start="4955" data-end="5078">Organizations that recognize this continuity are better positioned to adapt efficiently as certification landscapes evolve.</p>
<p data-start="4955" data-end="5078">Learn more about identifying the right evaluation path with a with a <span style="color: #ff6600;"><a style="color: #ff6600;" href="https://www.corsec.com/CC-assessment/" target="_blank" rel="noopener">Common Criteria Assessment</a></span>. and start the conversation early to significantly improve program predictability and learn how structured planning can help define a clear evaluation path while supporting successful market entry.</p>
<hr data-start="1636" data-end="1639" />
<p data-start="5108" data-end="5280">The introduction of European Union certification frameworks does not signal the arrival of an entirely new system as much as it reflects the continued evolution of an established one.</p>
<p data-start="5440" data-end="5565">As with the other myths in this series, the key is not just understanding the framework but understanding how it is evolving.</p>

		</div>
	</div>
</div></div></div></div>
</div><p>The post <a href="https://www.corsec.com/common-criteria-myth-5/">Deconstructing Common Criteria: Myth #5</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Fed Roundup: April 2026</title>
		<link>https://www.corsec.com/fed-april26/</link>
		
		<dc:creator><![CDATA[Jake Nelson]]></dc:creator>
		<pubDate>Wed, 06 May 2026 14:26:04 +0000</pubDate>
				<category><![CDATA[Algorithm Testing]]></category>
		<category><![CDATA[Common Criteria]]></category>
		<category><![CDATA[FIPS 140-3]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[STIG]]></category>
		<category><![CDATA[CMVP]]></category>
		<category><![CDATA[DISA]]></category>
		<category><![CDATA[FIPS]]></category>
		<category><![CDATA[NIAP]]></category>
		<category><![CDATA[NIST]]></category>
		<guid isPermaLink="false">https://www.corsec.com/?p=22569</guid>

					<description><![CDATA[<p>The post <a href="https://www.corsec.com/fed-april26/">Fed Roundup: April 2026</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div class="wpb-content-wrapper"><div class="vc_row wpb_row vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;">DISA News</strong></h5>
<h5 style="padding-left: 30px;"><span style="color: #000000;">Announcements:</span></h5>
<ul>
<li><a href="https://www.disa.mil/newsroom/article/20YRw00000KAbSeMAL" target="_blank" rel="noopener">DISA is advancing cybersecurity and operational resilience by modernizing command-and-control infrastructure, adopting zero trust principles, and strengthening the Defense Department’s digital operations capabilities.</a></li>
</ul>
<h5 style="padding-left: 30px;"><span style="color: #000000;"><a style="color: #000000;" href="https://public.cyber.mil/stigs/">Security Technical Implementation Guide Updates:</a></span></h5>
<ul>
<li data-section-id="mimdvc" data-start="795" data-end="826">Apache Server 2.4 Unix STIG</li>
<li data-section-id="1y3u2a5" data-start="827" data-end="861">Apache Server 2.4 Windows STIG</li>
<li data-section-id="11z8jdl" data-start="862" data-end="905">Apache Tomcat Application Server 9 STIG</li>
<li data-section-id="zbu511" data-start="906" data-end="951">Application Security and Development STIG</li>
<li data-section-id="1vx02mp" data-start="952" data-end="978">Application Server SRG</li>
<li data-section-id="i7l3va" data-start="979" data-end="1016">IBM WebSphere Liberty Server STIG</li>
<li data-section-id="iiixa5" data-start="1017" data-end="1067">JBoss Enterprise Application Platform 6.3 STIG</li>
<li data-section-id="1efgapv" data-start="1068" data-end="1087">Kubernetes STIG</li>
<li data-section-id="15ojjv9" data-start="1088" data-end="1122">Kubernetes STIG SCAP Benchmark</li>
<li data-section-id="1ovr6z1" data-start="1123" data-end="1145">Layer 2 Switch SRG</li>
<li data-section-id="1mzraq" data-start="1146" data-end="1183">Microsoft .NET Framework 4.0 STIG</li>
<li data-section-id="1gby2ux" data-start="1184" data-end="1211">Microsoft IIS 10.0 STIG</li>
<li data-section-id="1l88oia" data-start="1212" data-end="1249">Microsoft Office 365 ProPlus STIG</li>
<li data-section-id="qx6fqz" data-start="1250" data-end="1284">Microsoft SQL Server 2016 STIG</li>
<li data-section-id="12hg43v" data-start="1285" data-end="1314">Microsoft Windows 10 STIG</li>
<li data-section-id="1d585d6" data-start="1315" data-end="1344">Microsoft Windows 11 STIG</li>
<li data-section-id="3dhirp" data-start="1345" data-end="1383">Microsoft Windows Server 2019 STIG</li>
<li data-section-id="t9zka5" data-start="1384" data-end="1422">Microsoft Windows Server 2022 STIG</li>
<li data-section-id="agygra" data-start="1423" data-end="1460">Microsoft Windows Server DNS STIG</li>
<li data-section-id="mrhsuz" data-start="1461" data-end="1499">Motorola Solutions Android 13 STIG</li>
<li data-section-id="17atvzs" data-start="1500" data-end="1524">Mozilla Firefox STIG</li>
<li data-section-id="1x2hovi" data-start="1525" data-end="1587">Mozilla Firefox SCAP Benchmarks (Linux &amp; Windows variants)</li>
<li data-section-id="v5ztey" data-start="1588" data-end="1607">Tanium 7.x STIG</li>
<li data-section-id="tv38bx" data-start="1608" data-end="1633">Tanium 7.x TanOS STIG</li>
<li data-section-id="5b8tf" data-start="1634" data-end="1667">Trend Micro TippingPoint STIG</li>
<li data-section-id="drrcej" data-start="1668" data-end="1712">Group Policy Objects (GPOs)</li>
<li data-section-id="1r2kpj5" data-start="1713" data-end="1753">Microsoft Intune Policy</li>
<li data-section-id="g8lpxw" data-start="1754" data-end="1781">Microsoft Entra ID STIG</li>
<li data-section-id="e3l0fj" data-start="1782" data-end="1851">Oracle Linux 9 STIG</li>
</ul>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://csrc.nist.gov/News">NIST News</a></strong></h5>
<h5 style="padding-left: 30px;"><span style="color: #000000;">Updates &amp; Announcements:</span></h5>
<ul>
<li>None</li>
</ul>
<h5 style="padding-left: 30px;"><span style="color: #000000;">Special Publications, Interagency Reports, &amp; Cybersecurity White Papers:</span></h5>
<ul>
<li><a href="https://csrc.nist.gov/News/2026/foundational-cyber-activities-for-iot-prod-mfrs" target="_blank" rel="noopener">NIST IR 8259r1 (Revision 1), Foundational Cybersecurity Activities for IoT Product Manufacturers</a></li>
<li><a href="https://csrc.nist.gov/News/2026/recommendation-for-cryptographic-key-generation" target="_blank" rel="noopener">SP 800-133r3 (Revision 3), Recommendation for Cryptographic Key Generation</a></li>
<li><a href="https://csrc.nist.gov/News/2026/nist-publishes-cswp-52" target="_blank" rel="noopener">CSWP 52, Firmware-Based Monitoring for Bus-Based Computer Systems</a></li>
<li><a href="https://csrc.nist.gov/News/2026/small-business-cybersecurity-non-employer-firms" target="_blank" rel="noopener">Draft Small Business Cybersecurity: Non-Employer Firms</a></li>
<li><a href="https://csrc.nist.gov/News/2026/nist-releases-draft-sp-800-230" target="_blank" rel="noopener">IPD SP 800-230, Additional SLH-DSA Parameter Sets for Limited-Signature Use Cases</a></li>
</ul>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://www.niap-ccevs.org/announcements">NIAP News</a></strong></h5>
<h5 class="wpb_wrapper" style="text-align: left; padding-left: 30px;"><span style="color: #000000;">Updates &amp; Announcements:</span></h5>
<ul>
<li>NIAP Policy #5 Frequently Asked Questions and CAVP Mapping Document Updated</li>
</ul>
<h5 class="wpb_wrapper" style="text-align: left; padding-left: 30px;"><span style="color: #000000;">Protection Profile Announcements:</span></h5>
<ul>
<li>Published &#8211; PP for General Purpose Computing Platform (GPCP) Version 2.0</li>
<li>Published &#8211; PP-Module for Software Defined Networking &#8211; Controller Version 1.0</li>
<li>Published &#8211; PP-Module for Media Access Control Security Version 2.0</li>
<li>Published &#8211; cPP-Module for Stateful Traffic Filter Firewalls, Version 2.0</li>
</ul>
</div>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element "></div>
<div class="wpb_text_column wpb_content_element ">
<div class="wpb_wrapper">
<p style="text-align: center;">###</p>
</div>
</div>

		</div>
	</div>
<div class="vc_separator wpb_content_element vc_separator_align_center vc_sep_width_100 vc_sep_pos_align_center vc_separator_no_text vc_sep_color_black wpb_content_element  wpb_content_element" ><span class="vc_sep_holder vc_sep_holder_l"><span class="vc_sep_line"></span></span><span class="vc_sep_holder vc_sep_holder_r"><span class="vc_sep_line"></span></span>
</div></div></div></div></div><div class="vc_row wpb_row vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper"><div class="vc_row wpb_row vc_inner vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-6"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://www.corsec.com/company/contact-us/">Connect With Us:</a></strong></h5>
<p>Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – <a href="https://ww3.corsec.com/subscribe"><span style="color: #0000ff;">Subscribe</span></a></p>
</div>

		</div>
	</div>
</div></div></div><div class="wpb_column vc_column_container vc_col-sm-6"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element ">
<h5 class="wpb_wrapper" style="text-align: left;"><strong style="color: #000000;"><a style="color: #000000;" href="https://www.corsec.com/contact-us/">Press Contact:</a></strong></h5>
<p><strong>Jake Nelson</strong><br />
Dir of Marketing<br />
Jnelson@corsec.com</p>
</div>

		</div>
	</div>
</div></div></div></div>
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<div class="wpb_text_column wpb_content_element "><a href="https://www.linkedin.com/company/corsec-security"><img loading="lazy" decoding="async" src="https://www.corsec.com/wp-content/uploads/LinkedIn.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/LinkedIn.png 128w, https://www.corsec.com/wp-content/uploads/LinkedIn-150x150.png 150w" alt="LinkedIn" width="35" height="35" />     </a><a href="https://twitter.com/CorsecSecurity"><img loading="lazy" decoding="async" src="https://www.corsec.com/wp-content/uploads/Twitter.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/Twitter.png 128w, https://www.corsec.com/wp-content/uploads/Twitter-150x150.png 150w" alt="Twitter" width="35" height="35" />     </a><a href="https://www.facebook.com/Corsec-158518584300710/"><img loading="lazy" decoding="async" src="https://www.corsec.com/wp-content/uploads/Facebook.png" sizes="auto, (max-width: 40px) 100vw, 40px" srcset="https://www.corsec.com/wp-content/uploads/Facebook.png 128w, https://www.corsec.com/wp-content/uploads/Facebook-150x150.png 150w" alt="Facebook" width="35" height="35" /></a></div>

		</div>
	</div>
</div></div></div></div>
</div><p>The post <a href="https://www.corsec.com/fed-april26/">Fed Roundup: April 2026</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Deconstructing Common Criteria: Myth #4</title>
		<link>https://www.corsec.com/common-criteria-myth-4/</link>
		
		<dc:creator><![CDATA[Mary Broerman]]></dc:creator>
		<pubDate>Tue, 28 Apr 2026 18:07:31 +0000</pubDate>
				<category><![CDATA[Blog]]></category>
		<category><![CDATA[Common Criteria]]></category>
		<category><![CDATA[Assurance Maintenance]]></category>
		<category><![CDATA[Certification Lifecycle]]></category>
		<category><![CDATA[Common Criteria Myths]]></category>
		<guid isPermaLink="false">https://www.corsec.com/?p=22537</guid>

					<description><![CDATA[<p>The post <a href="https://www.corsec.com/common-criteria-myth-4/">Deconstructing Common Criteria: Myth #4</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div class="wpb-content-wrapper"><div class="vc_row wpb_row vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<p data-start="585" data-end="946">For organizations that have already achieved <span style="color: #ff6600;"><a style="color: #ff6600;" href="https://www.corsec.com/common-criteria/" target="_blank" rel="noopener">Common Criteria</a></span> certification, there can be a sense that the hardest work is behind them. Once a product earns certification and gains visibility on the <span class="hover:entity-accent entity-underline inline cursor-pointer align-baseline"><span class="whitespace-normal">Common Criteria Portal</span></span>, it becomes eligible for procurement opportunities and market access that require independently validated security assurance.</p>
<p data-start="948" data-end="1003">But what happens when that listing is no longer active?</p>
<p data-start="1005" data-end="1300">A common misconception is that once a product has been certified, its market access remains unchanged—even if the product is no longer listed as valid. In reality, removal from active listings can significantly affect procurement eligibility, customer confidence, and long-term market viability.</p>
<p data-start="1005" data-end="1300">This post is the fourth installment in our series, <a href="https://www.corsec.com/cc-myths/" target="_blank" rel="noopener"><em>Deconstructing Common Criteria: 5 Myths and Realities</em></a><em>,</em> which examines the assumptions that influence how organizations plan, achieve, and maintain Common Criteria certification. While each post stands independently, together they highlight the decisions that shape certification success—not only at the start of evaluation, but throughout the product’s lifecycle and continued market presence.</p>
<hr />

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<h3 data-section-id="mfpduf" data-start="1641" data-end="1739">Myth #4: If my product is no longer listed on the Common Criteria Portal, I can still access the same markets.</h3>
<p data-start="430" data-end="800">At first glance, it may seem reasonable to assume that once a product achieves Common Criteria certification, its market eligibility remains intact—even if the product is no longer actively listed. After all, certification represents a significant investment of time and resources, and organizations often view it as a long-term credential tied to the product’s history.</p>
<p data-start="802" data-end="1144">However, certification status is not simply about past achievement—it reflects a product’s current standing within the certification ecosystem. Active listings serve as the primary method by which customers, procurement officials, and regulatory stakeholders verify that a product continues to meet recognized security assurance requirements.</p>
<p data-start="1146" data-end="1407">When a product transitions from an active listing to an archived status, the implications extend beyond visibility. It can affect how buyers interpret risk, how procurement teams verify compliance, and how organizations position themselves in regulated markets.</p>
<h3 data-section-id="1vvs0d5" data-start="2112" data-end="2193">Reality: Active Listing Status Plays a Direct Role in Market Access</h3>
<p data-start="1486" data-end="1704">While previously certified products retain historical value, <strong data-start="1547" data-end="1704">active listing status on the Common Criteria Portal is often what determines whether a product remains eligible for procurement and trusted by customers.</strong></p>
<p data-start="1706" data-end="1994">Many government and regulated-sector procurements require verification of current certification status through the official Common Criteria listings. If a product is no longer actively listed, organizations may face new barriers—even if the product was successfully certified in the past.</p>
<p data-start="1996" data-end="2106">In practice, this means that allowing a certification to lapse or transition to archived status can introduce:</p>
<ul data-start="2108" data-end="2369">
<li data-section-id="1d8eh6w" data-start="2108" data-end="2190">Reduced eligibility for procurements tied to active certification requirements</li>
<li data-section-id="yo373r" data-start="2191" data-end="2239">Increased scrutiny during vendor evaluations</li>
<li data-section-id="14ax5bt" data-start="2240" data-end="2308">Loss of competitive positioning against actively listed products</li>
<li data-section-id="jxex7b" data-start="2309" data-end="2369">Additional effort to re-establish certification standing</li>
</ul>
<p data-start="2371" data-end="2741">Maintaining an active listing is not simply an administrative milestone—it is a strategic component of sustaining market access and customer confidence. Organizations that proactively manage certification timelines and plan for maintenance or re-certification activities are better positioned to preserve continuity in regulated markets and avoid unexpected disruptions.</p>
<hr />

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<h3 data-start="2608" data-end="2759">Planning &amp; Certification Lifecycle Management</h3>
<p data-start="587" data-end="843">Common Criteria certifications are not permanent. Certificates are issued with defined validity periods, and when those periods end, products typically transition from active listings to archived records unless maintenance or renewal actions are completed.</p>
<p data-start="845" data-end="1138">While archived certifications remain accessible for historical reference, they no longer represent an actively validated product. This distinction is important because many stakeholders rely on active listings as confirmation that a product continues to meet recognized assurance expectations.</p>
<p data-start="1140" data-end="1320">Organizations that monitor certification timelines and understand expiration cycles are better equipped to maintain continuity and avoid unexpected changes to their listing status, viewing certification as an ongoing lifecycle rather than a one-time milestone.</p>
<p data-start="2968" data-end="3222">Planning ahead for maintenance activities, updates, and renewal timelines helps reduce the risk of certification gaps. Rather than reacting to expiration deadlines, proactive teams align certification planning with product development and release cycles.</p>
<p data-start="3224" data-end="3374">This forward-looking approach supports consistent market presence and helps ensure certification status remains aligned with long-term business goals.</p>
<hr data-start="1636" data-end="1639" />
<h3 data-start="6348" data-end="6684">When Re-Certification or Maintenance Becomes Necessary</h3>
<p data-start="4622" data-end="4753">If a product listing is approaching expiration—or has already transitioned to archived status—there are still viable paths forward. Depending on the product and scheme requirements, organizations may pursue:</p>
<ul data-start="4832" data-end="5034">
<li data-section-id="1k3693l" data-start="4832" data-end="4870"><strong data-start="4834" data-end="4870">Assurance maintenance activities</strong></li>
<li data-section-id="v8hh5g" data-start="4871" data-end="4921"><strong data-start="4873" data-end="4921">Re-certification of updated product versions</strong></li>
<li data-section-id="12w0uc2" data-start="4922" data-end="4969"><strong data-start="4924" data-end="4969">Transition to updated Protection Profiles</strong></li>
<li data-section-id="50t7q3" data-start="4970" data-end="5034"><strong data-start="4972" data-end="5034">Strategic roadmap alignment to maintain listing continuity</strong></li>
</ul>
<p data-start="5036" data-end="5246">The key is recognizing that certification status is dynamic. Market access tied to Common Criteria is often directly linked to whether a product remains actively listed—not simply whether it was once certified.</p>
<p data-start="5036" data-end="5246">Learn more about <a href="https://www.corsec.com/maintenance/" target="_blank" rel="noopener">Certification Maintenance</a> or <a href="https://ww3.corsec.com/get-in-touch" target="_blank" rel="noopener">speak directly to an expert</a>.</p>

		</div>
	</div>

	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<hr data-start="1636" data-end="1639" />
<p data-start="5932" data-end="6076">Achieving Common Criteria certification is a significant milestone—but maintaining that certification is what sustains long-term market success.</p>
<p data-start="6078" data-end="6317">Active listing status on the <span class="hover:entity-accent entity-underline inline cursor-pointer align-baseline"><span class="whitespace-normal">Common Criteria Portal</span></span> is not just an administrative detail—it is a visible signal to customers, regulators, and partners that a product continues to meet recognized security assurance standards.</p>
<p data-start="6319" data-end="6488">Understanding the lifecycle of certification—and planning accordingly—helps ensure that market access remains stable, predictable, and aligned with organizational goals.</p>

		</div>
	</div>
</div></div></div></div>
</div><p>The post <a href="https://www.corsec.com/common-criteria-myth-4/">Deconstructing Common Criteria: Myth #4</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Deconstructing Common Criteria: Myth #3</title>
		<link>https://www.corsec.com/deconstructing-common-criteria-myth-3/</link>
		
		<dc:creator><![CDATA[Mary Broerman]]></dc:creator>
		<pubDate>Thu, 23 Apr 2026 18:32:08 +0000</pubDate>
				<category><![CDATA[Blog]]></category>
		<category><![CDATA[Common Criteria]]></category>
		<category><![CDATA[Product Security Certification]]></category>
		<category><![CDATA[Protection Profile Alignment]]></category>
		<category><![CDATA[Security Target]]></category>
		<guid isPermaLink="false">https://www.corsec.com/?p=22519</guid>

					<description><![CDATA[<p>The post <a href="https://www.corsec.com/deconstructing-common-criteria-myth-3/">Deconstructing Common Criteria: Myth #3</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div class="wpb-content-wrapper"><div class="vc_row wpb_row vc_row-fluid"><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner"><div class="wpb_wrapper">
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			<p data-start="280" data-end="773">When organizations begin exploring <span style="color: #ff6600;"><a style="color: #ff6600;" href="https://www.corsec.com/common-criteria/" target="_blank" rel="noopener">Common Criteria</a></span>, one of the first questions they face is whether their product aligns with an existing requirements framework &#8211; a Protection Profile. In environments where certification pathways appear structured around predefined requirements, products that fall outside those boundaries can seem difficult to analyze for evaluation.</p>
<p data-start="775" data-end="1224">This uncertainty frequently shapes early planning decisions. Teams may hesitate to initiate certification discussions if they believe their product does not align to an existing Protection Profile, assuming that evaluation pathways are limited to predefined product categories. In reality, Common Criteria was designed to support a wide range of technologies, including those that introduce new functionality or operate in evolving technical spaces.</p>
<p data-start="1226" data-end="1634">This post is the third segment in our series, <a href="https://www.corsec.com/cc-myths/" target="_blank" rel="noopener"><em>Deconstructing Common Criteria: 5 Myths and Realities</em></a><em>,</em> which examines the assumptions that most often shape how organizations approach Common Criteria certification. While each post is designed to stand on its own, together they provide a clearer view into the decisions that influence certification success across product, engineering, and leadership teams.</p>
<hr data-start="1636" data-end="1639" />
<h3 data-section-id="mfpduf" data-start="1641" data-end="1739"><span role="text"><strong data-start="1644" data-end="1739">Myth 3: “My product does not align to a Protection Profile, so evaluation is not possible.”</strong></span></h3>
<p data-start="1741" data-end="2110">Among the myths explored in this series, this assumption often emerges during early practicality discussions. When teams review Protection Profiles and fail to identify a direct match, certification can appear out of reach. This perception can lead organizations to postpone planning efforts or dismiss certification altogether, even when viable pathways exist.</p>
<h3 data-section-id="1vvs0d5" data-start="2112" data-end="2193"><span role="text"><strong data-start="2116" data-end="2193">Reality: Protection Profile alignment is not the only path to evaluation.</strong></span></h3>
<p data-start="2195" data-end="2632">While Protection Profiles provide structured, widely recognized sets of security requirements for specific product types, they are only one component of the Common Criteria ecosystem. Products that do not align directly to an existing Protection Profile may still be evaluated using alternative approaches, most commonly through the development of a custom Security Target that defines the product’s security functionality and evaluation scope. This approach is evaluated against an Evaluation Assurance Level or EAL.</p>
<p data-start="2634" data-end="3095">EAL evaluations allow organizations to describe their product’s intended security capabilities in a structured and testable manner. Rather than forcing alignment to predefined requirements, this approach enables evaluation based on the product’s actual design and implementation. In many cases, emerging technologies, specialized platforms, or products with unique architectural features are evaluated successfully through an EAL evaluation.</p>
<p data-start="3097" data-end="3657">In addition, Protection Profiles themselves continue to evolve. As technology landscapes shift, new profiles are developed to address emerging product categories and security needs. Organizations participating in modern development cycles may find that today’s gap between their product and existing Protection Profiles becomes tomorrow’s standard alignment.</p>
<p data-start="3097" data-end="3657">Early engagement in certification discussions can help teams understand whether alignment, adaptation or alternative evaluation strategies are possible. Learn more about identifying the right evaluation path with a with a <span style="color: #ff6600;"><a style="color: #ff6600;" href="https://www.corsec.com/CC-assessment/" target="_blank" rel="noopener">Common Criteria Assessment</a>.</span> and start the conversation early to significantly improve program predictability and learn how structured planning can help define a clear evaluation path while supporting successful market entry.</p>
<h3 data-section-id="1cs4mdw" data-start="3659" data-end="3732"><span role="text"><strong data-start="3663" data-end="3732">Scope definition plays a critical role in evaluation feasibility.</strong></span></h3>
<p data-start="3734" data-end="4249">When products appear misaligned with existing Protection Profiles, the underlying issue is often related to scope rather than eligibility. The defined Target of Evaluation (TOE)—which establishes the boundaries of what is included in the evaluation—can significantly influence how closely a product aligns with available requirements. Carefully defining system boundaries, security functionality, and operational context often reveals alignment opportunities that are not immediately obvious during initial reviews.</p>
<p data-start="4251" data-end="4697">Modular architectures and clearly defined security components can also support flexible evaluation strategies. By isolating security-relevant functionality, organizations may be able to evaluate a portion of the system that aligns with known requirements, while maintaining flexibility for the broader product ecosystem. This approach can reduce complexity and create pathways to certification even when full-system alignment appears challenging.</p>
<h3 data-section-id="1jn6pt5" data-start="4699" data-end="4759"><span role="text"><strong data-start="4703" data-end="4759">Early planning reduces uncertainty around alignment.</strong></span></h3>
<p data-start="4761" data-end="5194">Much like cost and scheduling considerations, alignment challenges are most manageable when addressed early in the development lifecycle. Organizations that engage in structured planning—reviewing product architecture, identifying security features, and assessing potential evaluation pathways are often better positioned to determine whether Protection Profile alignment is achievable or whether alternative strategies like an EAL evaluation are available.</p>
<p data-start="5196" data-end="5547">Delaying these discussions can create downstream complications, particularly if architectural decisions are finalized without considering certification requirements. Early <span style="color: #ff6600;"><a style="color: #ff6600;" href="https://www.corsec.com/CC-assessment/" target="_blank" rel="noopener">evaluation readiness assessments</a></span> help clarify pathways, identify potential risks, and establish realistic expectations for scope, documentation, and timeline development.</p>
<p data-start="5549" data-end="5868">For many organizations, the perception that evaluation is not possible reflects uncertainty rather than limitation. When teams gain visibility into the available certification approaches, they are better equipped to make informed decisions about product design, market positioning, and long-term certification strategy.</p>
<p data-start="5870" data-end="6195">Organizations that engage experienced guidance early are often better positioned to navigate alignment decisions and maintain forward progress. From evaluating potential Protection Profile matches to developing custom Security Targets, structured planning helps transform uncertainty into actionable certification strategy.</p>
<hr data-start="1636" data-end="1639" />
<p data-start="6348" data-end="6684">Following this discussion, the series continues with additional misconceptions that frequently influence certification planning and long-term product strategy. Each reflects a different stage in the certification lifecycle and highlights how technical, operational, and regulatory assumptions can shape both timing and market readiness.</p>
<p data-start="6686" data-end="6799">Continue to follow along as we examine the remaining two myths that continue to influence certification strategy:</p>
<p data-start="6801" data-end="7011"><strong data-start="6801" data-end="6812">Myth 4:</strong> If my product is no longer listed on the Common Criteria Portal, I can still access the same markets.<br data-start="6914" data-end="6917" /><strong data-start="6917" data-end="6928">Myth 5:</strong> European Union Common Criteria (EUCC) is a completely new certification framework.</p>
<p data-start="7013" data-end="7260"><span data-olk-copy-source="MailCompose">These assumptions often stem from practical challenges. A closer examination shows that they can instead highlight opportunities for more structured planning, clearer expectations, and stronger certification outcomes.</span></p>

		</div>
	</div>
</div></div></div></div>
</div><p>The post <a href="https://www.corsec.com/deconstructing-common-criteria-myth-3/">Deconstructing Common Criteria: Myth #3</a> appeared first on <a href="https://www.corsec.com">Corsec Security, Inc.®</a>.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
