Upcoming Changes to Common Criteria and Other Security Certifications

The global encryption community will gather at the fifth annual International Cryptographic Module Conference (ICMC) in May to discuss the future of commercial cryptography and the role it plays in security of the world around us. Over 20 countries will be represented, as leaders come together to collaborate on unique challenges faced by those who produce, use, and test cryptographic modules. This discussion fill focus on international standards such as FIPS 140-2, ISO/IEC 19790, and Common Criteria; including the following six tracks:

  • Global Cryptographic Module Validation
  • Open Source Cryptography
  • Embedded Encryption and Industry-Vertical Applications
  • Common Criteria
  • Quantum Threats and Quantum-Safe Crypto
  • End-User Experience and Crypto Policy

Corsec’s team will again be leading discussions on various topics including Corsec’s Matt Keller, who will kick off the conference with an overview on the CMUF and recent changes that affect the community. Later that day, Corsec President John Morris will present on the importance of Third-party security validations, including the role of FIPS 140-2, Common Criteria, and DoDIN APL in securing products. – “When it comes to commercially-viable security assurance, there are few options that address all concerns. Traditional third-party assurance programs are slow to be defined, enforced, and are often costly for vendors to navigate. However, vendors are participating more and more frequently in several government-mandated efforts Mr. Morris will examine three of the most successful third-party assurance programs (FIPS 140-2, Common Criteria, and DoDIN APL) and the benefits and drawbacks of the programs. Mr. Morris will break down the vendor, government, and consumer experience with security accreditations and provide insight into the current and future directions of these programs.”

In addition to Mr. Morris and Mr. Keller, Corsec’s Shashi Karanam will speak on how to keep FIPS 140-2 validations valid, including change within the module and operational environments. – “The goal of this presentation is to help vendors to have a better understanding of the CMVP requirements of maintaining the FIPS certificates and the revalidation requirements in FIPS 140-2.”

Corsec’s continued participation at ICMC demonstrates the importance of global involvement in the cryptographic community. If you can not attend the conference and want to stay up to date with Corsec as we help to shape the future of validations, you can request your annual report after the show.


Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Corsec Social Media