Monthly Fed Roundup – April 2017

DISA’s April News DISA system improves access to video surveillance for intel community NIST’s April News Cryptographic attack cited for the FF3 technique for format-preserving encryption (FPE) Requested Public Comment On: Draft Special Publication (SP) 800-190, Application Container Security Guide New Release: Draft white-paper “Profiles for the Lightweight Cryptography Standardization Process” NIAP’s April News Requested Technical Community…

IoT Device Security – What You Need To Know

The expanding market for connected devices and the Internet of Things (IoT) has propelled demand for products that alleviate the stress of managing daily interactions; from buying groceries to protecting our homes, there is an app or device for that. To meet this demand, manufacturers are developing products at rapid speed, while trying to keep prices low to promote user adoption. This has…

Cover Your Assets: 3 Ways To Protect Your IP

The cost of Intellectual Property (IP) theft is not one to be taken lightly. From steep financial losses to the irreparable damage to brand perception, IP theft can swiftly and unapologetically dismantle an organization from within, leaving investments, of both time and money, in ruin. While many feel that IP protection resides somewhere in legal…

Monthly Fed Roundup – March 2017

DISA’s March News DISA holds Systems Engineering, Technology, and Innovation Pre-Proposal Conference for insights on new Engineering Contract Vehicle Training offered for individuals trying to re-certify, re-accredit, or establish connectivity to the Defense Security Information Security Network (DISN) NIST’s March News NIST Final Public Draft: Cybersecurity Framework Manufacturing Profile NIAP’s March News Requested Technical Community Participation: The update on…

CMVP Changes to FIPS 140-2

During the recent Cryptographic Module User Forum (CMUF) meeting, CMVP, which oversees FIPS 140-2 validations in the United States and Canada, announced updates and changes to policy for stagnant modules, the historical list, and documentation definitions for maintenance. These changes will impact a number of modules, and could delay, or even stop your validation if not…

Upcoming Changes to Common Criteria and Other Security Certifications

The global encryption community will gather at the fifth annual International Cryptographic Module Conference (ICMC) in May to discuss the future of commercial cryptography and the role it plays in security of the world around us. Over 20 countries will be represented, as leaders come together to collaborate on unique challenges faced by those who produce,…

Ixia Expands DoD Sales Reach With Completion of APL Process

Corsec would like to congratulate our partner, Ixia, the company dedicated to delivering innovative solutions and trusted insight to support your network and security product, on completing the process for the Department of Defense Information Network Approved Products List (DoDIN APL). With this achievement, Ixia further extends the sales reach of their Net Tool Optimizer (NTO) and Vision ONE…

HPE Takes Another Step in Securing Service Desk Solutions

Corsec would like to congratulate our partner, HP Enterprise, on successfully finalizing the Common Criteria certification process for the HPE Service Manager v9.41. The completion of the CC evaluation gives governments and businesses a service desk solution that has been internationally vetted and tested for information assurance. The commitment by HPE to provide secured products to Federal organizations and global…

Monthly Fed Roundup – February 2017

DISA’s February News DISA CTO set to retire Systems Engineering, Technology and Innovation Request for Proposal released by DISA NIST’s February News NIST Draft Releases: Draft Special Publication 1800-7, Situational Awareness for Electric Utilities released for comments SHA-1 Collision NIAP’s February News NIAP has announced an invite to join a technical working group in the development of a Protection…

Varonis Completes Arduous Common Criteria Evaluation Process

Congratulations Varonis Systems, Inc. (Nasdaq:VRNS), for completing the Common Criteria evaluation of your Data Governance Suite, including DataPrivilege. Varonis provides a complete Metadata Framework™ and integrated product suite for the governance of unstructured and semi-structured data. They are able to collect, store, and analyze metadata non-intrusively, in real-time, on the major platforms that store unstructured data. The achievement…

Dispelling UC APL Listing Myths

The hoops that companies must jump through in order to sell into the Federal government can be difficult to understand and sometimes misleading. As with any government process, misconceptions surrounding what is required begin to evolve and companies can potentially lose revenue as a result. Here are a few of the most common myths and…

Monthly Fed Roundup – January 2017

DISA’s January News DISA focuses on Innovation during the Armed Forces Communications and Electronics Association panel NIST’s January News NIST Draft Releases: Draft Special Publication 800-12, Revision 1, An Introduction to Information Security NIST Interagency Reports: An Introduction to Privacy Engineering and Risk Management in Federal Systems NIAP’s January News The 2016 NIAP Progress Report Has…

New Guidance On FIPS 140-2 Listings

The Cryptographic Module Validation Program (CMVP), which was established by NIST to validate modules for the Federal Information Processing Standard (FIPS), has announced upcoming policy changes for the Modules In Process (MIP) list and Implementation Under Test (IUT) phase. CMVP has stated that “Over the past year, the CMVP has made great strides in reducing the amount…

Monthly Fed Roundup – December 2016

DISA’s December News No December Updates NIST’s December News NIST Draft Releases: Draft Special Publication 800-188, De-Identification of Government Datasets Special Publications: SP 800-179 Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist Special Publication 800-171, Revision 1, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations Special Publication 800-184,…

Corsec Named Owler ‘HOT in 2016’ Winner

Owler (a Crowdsourced Competitive Intelligence Platform) recognizes the top trending companies in cities around the world. They filtered through more than 15 million companies and picked 4,500 award winners across 600 cities worldwide. Recipients were chosen based on several different metrics, including number of followers on Owler, insights collected from our community, social media followers,…

IP Protection: Are You Asking The Right Questions?

Would you buy a house without properly securing all the windows and doors? Would you trust a bank that didn’t require ID and a password before granting access to your account? If we don’t take risks in protecting our personal property, why would we take risks when protecting our company’s Intellectual Property (IP)? World class security companies make strategic investments in…

Secure Your Certification’s Future

As you release new versions of previously certified and validated products, it is crucial that you develop a security certification maintenance plan to keep up with the evolution of your technology. Corsec’s Maintenance and Compliance Service helps you determine whether a full re-evaluation is necessary, or if you can pursue other measures to continue generating revenue from…

Your Security Strategy – Are You At Risk?

$7 Million Dollars – According to a recent study by IBM, that’s the average cost of a security breach. The overall brand damage can be catastrophic, with huge financial losses and customer abandonment. Companies like Target and JPMorgan are still dealing with the aftermath from breaches. The ramifications can last years, or even worse, put you under. Avoiding these scenarios with proper product certifications is…

Monthly FED Roundup – November 2016

DISA’s November News The annual forecast event to industry was held in Baltimore, MD this month. NIST’s November News NIST Draft Releases: Draft Special Publication (SP) 800-187, Guide to LTE Security for public comment Draft Special Publication 800-181, NICE Cybersecurity Workforce Framework (NCWF) — National Initiative for Cybersecurity Education (NICE) Special Publications: Systems Security Engineering…

Corsec Cares Collects Food During Holiday Season

Every year Corsec Cares collects donations from team members and delivers them to a local organization to help ensure families in the district are able to enjoy and celebrate the Thanksgiving holiday season. For the second year in a row Corsec collected and delivered food donations to Food for Others, a local organization in Fairfax County, VA. Food for…

Are Your Partners Putting Your IP at Risk?

What if your intellectual property was at risk and you weren’t even aware? In today’s highly competitive and often vulnerable world, the companies we choose to partner with play a large role in the security of our products. We take precautionary measures to sign the proper documentation like NDAs and Teaming Agreements, but at the end…

Monthly FED Roundup – October 2016

DISA’s October News Those trying to establish, re-accredit, or re-certify their connections to the Defense Information Systems Network (DISN) will not have access to training provided by DISA’s Risk Adjudication and Connection Division. NIST’s October News NIST Draft Releases: NISTIR 8149, Developing Trust Frameworks to Support Identity Federations NISTIR 8151, Dramatically Reducing Software Vulnerabilities: Report to…

Corsec Cares Assists FIRST LEGO League

As part of Corsec Cares, Corsec’s CEO, Matthew Appler, teamed up with FIRST Lego League (FLL), a local organization to help students expand their engineering enthusiasm and find solutions to real-world issues. FLL is a robotics competition for elementary and middle school aged children that runs nationwide every fall. Teams from Washington DC and…

iDirect’s Secure Satellite Broadband Solution Completes FIPS Validation

Corsec would like to congratulate our partner iDirect, a global leader in IP-based satellite communications, on their recent completion of the FIPS 140-2 validation process for their satellite broadband solution. iDirect has now completed and finalized all the necessary requirements for the FIPS 140-2 validation process and has been issued a certificate number by the Cryptographic Module…

Monthly FED Roundup – September 2016

DISA’s September News The DoD’s tool to detect and counter known cyber attacks, The Host Based Security System (HBSS), will be combined with other solutions to create a holistic approach to protecting our nation’s critical infrastructure and networks. This new solution will be known as Endpoint Security Solutions (ESS). In an attempt to leverage efficiencies,…

Ionic Security Inc. Completes FIPS 140-2 Validation

Corsec is pleased to announce that Ionic Security Inc.’s FIPS Crypto Module has been awarded FIPS 140-2 certificate number 2761 by the Cryptographic Module Validation Program (CMVP). This module has now completed and finalized all the necessary requirements for the FIPS 140-2 validation process, and can now be found on the NIST website. About FIPS 140-2 The FIPS…

Common Criteria Updates: Protection Profiles & Re-Evaluations

Full Drive Encryption v2.0 Collaborative Protection Profiles (FDE cPP) Published The Full Drive Encryption (FDE) international Technical Community (iTC) has published version 2.0 of the FDE Encryption Engine (EE) and FDE Authorization Acquisition (AA) cPPs and Supporting Documents. For more information please visit the cPP and iTC pages. NIAP Guidance Update NIAP updated the Guidance for the Common Criteria…

Corsec at Modern Day Marine 2016

Next week Corsec will be joining thousands of government leaders, industry partners, and members of academia at Modern Day Marine in Quantico, VA to discuss the future of technology within the DoD. Companies looking to meet the security requirements of the Marine Corps and sell their solution within the Department of Defense (DoD) will need to evaluate their product…

Monthly FED Roundup – August 2016

DISA’s August News DISA releases its Three-Tiered Approach to Cloud Computing DISA assists DoD cloud service providers with the Cloud Provisional Authorization (PA) process NIST’s August News A release was published on Post-Quantum Cryptography – for more information on the subject as well as notes from recent Post-Quantum events, please read Corsec’s blog post The…

Update On NIST’S Post-Quantum Cryptography Requirements

After a great discussion in Japan at the 7th Annual Post-Quantum Crypto Conference (PQCrypto 2016) back in February, NIST has taken the next step and announced they are seeking additional input and comments on their draft proposal for “Post-Quantum Cryptography: Proposed Requirements and Evaluation Criteria”. “The National Institute of Standards and Technology (NIST) has published a Federal Register Notice requesting comments on a proposed…

Ciena Secures Network Solution With FIPS Validation

Corsec would like to congratulate our partner, Ciena Corporation, for completing their Federal Information Processing Standard 140-2 (FIPS 140-2) validation on the 6500 Flex3 WaveLogic 3e OCLD Encryption Module. The successful completion of the FIPS 140-2 validation process demonstrates Ciena’s commitment to strong levels of security, including a government backed product offering and a dedication to providing…

Siemens’ Rugged Operating System Achieves FIPS “In Process” Status

Corsec would like to congratulate our partner, Siemens, for being listed as Implementation Under Test (IUT) as part of a FIPS 140-2 validation for their product, the Rugged Operating System (ROS) v2.7.1. This listing signifies that the ROS has achieved a monumental step in the validation effort, having reached “In Process” status – a phase…

Is Our Critical Infrastructure At Risk?

Every day we rely on technology to ensure continuation of our routine day-to-day activities. Access to clean drinkable water, open roadways free of congestion and chaos, power to brighten our homes and businesses, and oil and gas supplies to cook our meals. But what happens when the system breaks down? The critical infrastructure that supports this…

RedSeal Completes Common Criteria Assurance Continuity

Corsec is pleased to announce that RedSeal Inc.’s Common Criteria Assurance Continuity for the RedSeal Platform v8.2.0 is now official and all the listings have been posted. The RedSeal product completed an EAL 2+ evaluation through the Network and Network-Related Devices and Systems product category. This Assurance Continuity ensures that RedSeal Platform will continue to operate in the…

Corsec Discusses Product Security At BlackHat

BlackHat USA is on the horizon and product security enhancement is a huge focal point this year. Modern-day cryptography provides a level of security that was previously unimagined, but how do we ensure that the precautionary steps we are taking are sufficient to protect our products from prevailing attacks and hackers? Evaluate Your Crypto and Protect…

Monthly FED Roundup – July 2016

DISA’s July News DISA receives $9.7M in funds to help the American Warfighter from DOD Rapid Innovation Fund Program DISA PAC has new leadership – Col. Joseph E. Delaney COL Andrew S. McClelland assumes command of DISA Europe NIST’s July News NIST has released two draft publications on the Security Content Automation Protocol (SCAP) NIAP’s July News…

FIPS 140-3: When Can We Expect It?

Corsec is often asked when the next version of the Federal Information Processing Standard (FIPS 140-3) is expected to be released. It is an important question as product vendors are trying to adapt their certification strategies; either by validating their products prior to any changes that could sidetrack their current efforts, or by validating post release in…

Two New Countries Join CCRA

The CCRA Management Committee Chair has announced that two more countries, Qatar and Singapore, will officially sign the Common Criteria Recognition Agreement (CCRA). The addition of the two nations brings the total number of participants to 27. The Common Criteria Mutual Recognition Agreement (CCRA) is a pact, which was designed to allow all Common Criteria evaluations up to…

FIPS Inside: Is It Right For Me?

Implementing a FIPS 140-2 validation into your product is a great way to strengthen your solution, enhance your brand, and secure your bottom line. When pursuing FIPS, you will be faced with difficult and often confusing decisions, leaving you with many questions. One such question we are always asked is the difference between being FIPS Validated and FIPS…

Monthly FED Roundup – June 2016

DISA’s June News Lessons Learned from the First DOD Applications Migrated to the Commercial Cloud DISA Vice Director Jack Wilmer speaks on benefits of cloud solutions, including increased speed, agility, and cost savings Big Data Platform Update will Enable Faster Identification of Cyber Threats  An update to the DISA Big Data Platform is expected in…

CMUF Monthly Update: June

The deadline is approaching for vendors that were moved to the Historical List because of their RNG use.  July 1 is the last day that a lab can submit a no-cost 3Sub to move a module from the Historical List to the Validated list. For more information see our previous posts on who has been affected…

Ixia Products Reach “In Process” for FIPS 140-2

Corsec would like to congratulate our partner, Ixia, which provides testing, visibility, and security solutions to strengthen applications across physical and virtual networks, on being listed on the “In Process” list for two of their FIPS 140-2 validations. Ixia’s products, the VisionONE and Net Tool Optimizer (NTO) 7303 have reached the Implementation Under Test (IUT) phase of their validation and are progressing smoothly. Congrats to…

NTIS Appoints Avi Bender as New Director

The Department of Commerce’s National Technical Information Services (NTIS) has announced a few new changes that may very well shake up the way the government uses and shares information. NTIS has announced a new joint venture partnership aimed at improving access, analysis, and use of federal data. NTIS serves as the largest central resource for government-funded…

Cybersecurity Acquisition Vehicle Coming

The General Services Administration (GSA) has announced their intentions to add another SIN to the GSA Schedule 70 – “Highly Adaptive Cybersecurity Services (HACS)”. The new SIN will be broken down into three categories for security services — proactive, reactive, and remediation. “We’re not putting together a vehicle for GSA. We’re putting it together for you. Tell us what…

DHS funds Cyber Defense

The Department of Homeland Security (DHS) has approved $1.8 billion in funding to prevent cybersecurity attacks and protect critical infrastructure. The House Appropriations Subcommittee approved the bill last week in order to support the National Protection and Programs Directorate (NPPD), the agency within DHS responsible for cybersecurity. “Hacking and cyberattacks have already cost the federal government billions…

Updates to Canadian Common Criteria Certifications

The Communications Security Establishment (CSE), the governing body of Common Criteria in Canada, has officially stated they will only accept Protection Profile (PP) based evaluations starting in September of 2017. Furthermore, they have stated that they will only be accepting evaluations against CSE-approved PPs; a full list of which can be found here. Additional guidance on…

Event Recovery and PIV Updates from NIST

NIST has released draft Special Publication (SP) 800-184, titled “Guide for Cybersecurity Event Recovery” – This draft is open to public comment until July 11th, 2016. “The purpose of this document is to support federal agencies in a technology-neutral way in improving their cyber event recovery plans, processes, and procedures. This publication provides tactical and strategic…

Poor Project Management Could Derail Your Certification Efforts

CMVP has new guidelines which went live last month via the release of Implementation Guidance (G.16). This update will affect product vendors that have not taken proper precautions with project management related to their FIPS 140-2 validations. During validation, an accredited Lab can submit a request form (called an IUTA) for a product to be listed on the modules…

FIPS 140-2 Sunset Policy Update!

CMVP, the governing body that oversees U.S. FIPS 140-2 validations, has made drastic changes over the past year to policy governing product certification longevity. This week they went one step further and have now updated their Validation Sunsetting Policy, in a move that will impact a large number of companies and products. Key takeaways from this…

Cisco’s StealthWatch AC for Common Criteria Completed

Corsec would like to congratulate our partner Cisco Systems for achieving an Assurance Continuity (AC) on their Common Criteria listing for the StealthWatch solution. StealthWatch (originally a Lancope product) completed the Common Criteria certification process in May of 2014 under the Network Device Protection Profile (NDPP) v1.1 in Canada. After Lancope was acquired by Cisco, an Assurance Continuity was conducted…

DISA Cloud Migration

In 2013, the Defense Information Systems Agency (DISA) developed an on-premise cloud solution for the DoD – milCloud 1.0. DISA continues to operate and manage this solution, but since its inception, cloud based services have grown in complexity and functionality. The DoD is now looking for a change. According to a report released by DISA,…

Updates From Around the Globe

Over the past two months Corsec has traveled from Seoul, Korea to Ontario, Canada in order to attend security certification events such as the Common Criteria Users Forum (CCUF), and the International Cryptographic Module Conference (ICMC). The discussions held at these events have given Corsec insight on changes that are coming to certification requirements, updates on the strategic outlook and vision…

Recent NIST Releases

NIST Releases “Best Practices Guide for Personal Identity Verification (PIV)-enabled Privileged Access” In response to the Office of Management and Budget (OMB)’s Cybersecurity Strategy and Implementation Plan, NIST has released their best practices guide for Personal Identity Verification (PIV)-enabled privileged access. This guide covers three critical areas: The risks of password-based single-factor authentication The need for multi-factor PIV-based…

Cybersecurity Innovation Forum

Corsec recently attended the Cybersecurity Innovation Summit at George Mason University in Fairfax, VA. This event created a platform for discussions on the recent advancements in cybersecurity and the evolving challenges security experts face. Among those attending were members of Academia, Industry and the Federal Government. Corsec’s CEO, Matthew Appler, attended the summit and has commented on the importance of the…

Corsec Speakers and Attendance at ICMC

As previously posted, next week in Ottawa, Ontario, Canada, hundreds of global leaders in the commercial encryption community will gather at the fourth annual International Cryptographic Module Conference (ICMC). Corsec’s President John Morris will be joining the list of Corsec employees speaking this year. John will be taking an in-depth look at the economic costs and rewards of…

CC Certification of HPE Asset Manager Finalized

Corsec would like to congratulate our partner, HP Enterprise on successfully completing the Common Criteria certification process for the HPE Asset Manager v9.50 with Connect-It v9.60 build #12154 (AM) and 010 (CIT). The certification was completed at an Evaluation Assurance Level (EAL) 2+ and underscores HPE’s commitment to providing secure and third-party validated products to Federal organizations and global…

CCUF Management Board Election Results

The Common Criteria Users Forum (CCUF), which serves as a voice amongst the Common Criteria community, recently held elections for its management board. Corsec’s Matt Keller, who has served as the Vice Chair for the past 4 years, has been re-elected to the board and will continue to contribute to the CC community as well as to…

Vocera Completes FIPS Validation

Corsec would like to thank and congratulate our partner Vocera Communications on completing the Federal Information Processing Standard for their Vocera Cryptographic Module v3.0 (#0894). This module has now completed and finalized all the necessary requirements for the FIPS 140-2 validation process, and can now be found on the NIST site, which includes the listing for…

Corsec’s Matt Keller Attending 2016 ICMC

Next month in Ottawa, Ontario, Canada, hundreds of global leaders in the commercial encryption community will gather at the fourth annual International Cryptographic Module Conference (ICMC). Corsec’s Matt Keller, who also serves as CMUF Management Representative, will be presenting and recently was quoted in a release by the ICMC. “ICMC, presented by the Cryptographic Module User…

ScienceLogic Completes Second UC APL Listing Process

Corsec would like to congratulate our partner, ScienceLogic, on successfully completing all the necessary requirements to achieve listing on the DoD’s Unified Capabilities Approved Product List (UC APL).  ScienceLogic’s server monitoring product, the EM7 v7.8, is now listed and available for purchase by all DoD agencies. Over the past year, Corsec and ScienceLogic worked through hardening…

DISA Focuses On Mobile Security

In November of 2015, the Defense Information Systems Agency (DISA) announced it was taking steps to make cloud and mobile enabled networks a priority in 2016. It looks like that vision has actually started to take hold. Earlier this month, we discussed the changes to cloud security that DISA revealed when they released an update to the Cloud…

HPE Completes Common Criteria on iLO 4

Corsec would like to congratulate our partner, HP Enterprise on successfully completing the Common Criteria certification process for the HP Integrated Lights-Out (iLO) 4 v2.11 component. The certification was completed at an Evaluation Assurance Level (EAL) 2+ and underscores HPE’s commitment to providing secure and third-party validated products to Federal organizations and global enterprises. We are pleased and excited…

Sonus Completes Another FIPS 140-2 Validation

Corsec would like to thank and congratulate our partner Sonus Networks Inc., on completing the FIPS 140-2 validation process for the Session Border Controller (SBC) 5110/5210. After a year of hard work, the Sonus SBC 5110/5210 achieved validation and can be found on the CMVP website here. By partnering with Corsec, the SBC 5110/5210 is now…

HPE Adds FIPS 140-2 to BladeSystem Certification List With Corsec Guidance

Corsec would like to congratulate our partner HPE, on successfully completing yet another security certification for the HP BladeSystem, this time on the Onboard Administrator Firmware version 4.40. This is the third certification in recent months for the BladeSystem infrastructure. The Onboard Administrator Firmware successfully completed the Federal Information Processing Standard 140-2 (FIPS 140-2) and details the listing,…

DISA Updates Cloud Computing Security

Last week, the Department of Defense (DOD) released an update to the Cloud Computing Security Requirements Guide (CC SRG) through the Chief Information Office and the Defense Information Systems Agency (DISA). This update provides guidance to a number of components, including: cloud service providers (CSPs), both commercial and DOD, to all DOD components using cloud,…

Corsec Helps HP BladeSystem Complete Another Certification

Corsec would like to congratulate our partner, HP Enterprise on successfully completing the FIPS 140-2 validation process for the HPE BladeSystem c7000 and c3000 Enclosure with OA v4.40 and iLO 4 v2.11. These certifications underscore HPE’s commitment to providing secure and third-party validated products to Federal organizations and global enterprises. We are pleased and excited to have worked with…

Sonus Completes FIPS 140-2 Validation

Corsec would like to thank and congratulate our partner Sonus Networks Inc., on completing the FIPS 140-2 validation process for the Session Border Controller (SBC) 7000. After a year of hard work, the Sonus SBC 7000 achieved validation and can be found on the CMVP website here. By partnering with Corsec, the SBC 7000 is now a more secured…

Pentagon Increases Spending On Cyber Defense

Defense Secretary Ashton Carter announced that the Pentagon would be spending an additional $900 million in 2017 to enhance cyber defense measures. This comes after last year’s hack of the Office of Personnel Management (OPM), resulting in the loss of personal data for over 20 million federal employees and contractors. “Given the increasing severity and sophistication…

EMC Completes FIPS Validation On VNX Product with Corsec Guidance

Corsec would like to thank and congratulate our partner, EMC, on completing yet another security certification. EMC has finished the Federal Information Processing Standard 140-2 (FIPS 140-2) validation of their product, the VNX 6Gb/s SAS I/O Module with Encryption from EMC. The product is a SAS1 controller executing specialized firmware that provides Data At Rest Encryption…

HP Server Automation Ultimate Completes Common Criteria Certification with Corsec

Corsec would like to congratulate our partner, HP Enterprise on successfully completing the Common Criteria certification process at an EAL 2+ for their product, HP Server Automation Ultimate v10.10.002. The certification underscores HPE’s commitment to providing secure and third-party validated products to Federal organizations and global enterprises. We are pleased and excited to have worked with the HPE…

NIAP archives Products with Outdated RNG

NIAP, the governing body over Common Criteria in the U.S., announced last week that it would be removing products from their Product Compliant List (PCL) that do not meet new Random Number Generator (RNG) requirements.  This announcement is directly tied to current U.S. government purchasing policies. In a similar case, CMVP, the organization that oversees FIPS 140-2, implemented changes…

SCAP: New Revision Available

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) has released the fourth revision of their Internal Report covering SCAP Version 1.2 Validation Program Test Requirements. SCAP or the “Security Content Automation Protocol” is made up of a suite of specifications developed by the security community for standardizing the way security software communicates and delivers…

Cisco Completes UC APL Listing with Corsec

Corsec would like to congratulate our partner, Cisco, on successfully completing all the necessary requirements to achieve listing on the DoD’s Unified Capabilities Approved Product List (UC APL).  Cisco’s Information Assurance Tool (IAT), StealthWatch Rel. 6.5.4 TN 1435301, is now listed and available for purchase by all DoD agencies. Over the past year, Corsec and…

SolidFire Completes Common Criteria Effort with Corsec

Corsec would like to congratulate our partner, SolidFire (A NetApp Company) on successfully completing the Common Criteria certification process for the Element OS 8 running on SF2405, SF4805, and SF9605 Storage Nodes and FC0025 Fibre Channel Nodes Version 8.0.1.2. The certification underscores SolidFire’s commitment to providing secure and third-party validated products to Federal organizations and global enterprises. We are…

OpenSSL Patches: Two New Named Attacks

In addition to the new vulnerabilities identified in January of this year, OpenSSL has once again had to release a slew of patches to correct problematic areas, which could ultimately affect your FIPS validation, Common Criteria evaluation or listing on the DoD’s UC APL. There are now at least two named attacks as part of the…

Corsec Helps HPE BladeSystem Complete Common Criteria Certification

Corsec would like to congratulate our partner, HP Enterprise on successfully completing the Common Criteria certification process for the HPE BladeSystem c7000 and c3000 Enclosure with OA v4.40, VC v4.41, and iLO 4 v2.11. The certification underscores HPE’s commitment to providing secure and third-party validated products to Federal organizations and global enterprises. We are pleased and excited to…

NIST’s Draft PUB on Entropy and RNG

Last month NIST released a draft publication on sources of Entropy and randomness in protecting sensitive data. The draft “Special Publication 800-90B, Recommendation for the Entropy Sources Used for Random Bit Generation”, is intended to help product vendors gauge if their sources of random numbers are indeed unpredictable. NIST states that “Random numbers are a crucial element in cryptography,…

Corsec at RSA 2016

RSA is on the horizon and everyone is getting excited.  Each year product vendors convene to discuss security and how we will protect our digital world.  But, with so much going on, it becomes difficult to prioritize between developing our pipelines, closing deals, and learning about new innovations to protect and enhance our products. Schedule…

Medical Devices & Security Guidelines

As cyber security risks continue to grow, a number of industries are starting to take steps to ensure secured protection of products. Health Care has always been an area of concern given the sensitive nature of the data that is transferred and stored among doctors’ offices, hospitals, and insurance carriers. Recently, the Food and Drug Administration’s…

Targeting the DoD? The Different Paths to Military Sales

With the military’s love of acronyms and the many and varied requirement definitions, understanding how to break into Department of Defense (DoD) sales can be a daunting proposition. How do these DoD and international requirements relate to one another and what does your product need? A few of the requirements we are hearing questions on…

NSA Reorganization

In December of 2015, we heard about the NSA’s proposed reorganization (its biggest in 20 years) and a few of the potential impacts it could have on the agency and industry as a whole.  One critical area that is still somewhat murky is the impact on the IAD (and NIAP) now that the group is being…

Corsec Helps CyberArk Become First Comprehensive Privileged Account Security Solution To Be Listed On The U.S. Department Of Defense’s UC APL

Corsec congratulates CyberArk for achieving listing on the DoD’s UC APL. CyberArk’s active participation in security certifications and listing on the UC APL signifies the company’s commitment to providing users with solid product security, and CyberArk becomes the first comprehensive Privileged Account Security solution to be listed on the DoD’s UC APL. Over the past year, Corsec and…

Corsec Attending AFCEA WEST

Corsec will be in San Diego, CA for the annual AFCEA WEST conference.  “The premier naval conference and exposition on the West Coast, WEST is now in its 26th year of bringing military and industry leaders together.  Co-sponsored by AFCEA International and the U.S. Naval Institute, WEST is the foremost event in which the makers…

DTECH LABS and Corsec Complete DoD’s UC APL Listing in Record Breaking Time

We are pleased to congratulate our partner DTECH LABS (a subsidiary of Cubic) for a true partnership in product security compliance and security hardening. Corsec and DTECH together have broken the previous benchmarks in time to listing for the DoD’s UC APL.  Corsec was able to accomplish this feat in record timing, completing their listing…

CMVP Has Begun Archiving!

As previously mentioned, CMVP announced that all FIPS 140-2 validations that use Random Number Generators (RNG), as well as certifications that use both the NIST 800-90A DRBG and RNG will be required to re-validate, otherwise, they will be placed on an unprocurable products list, which mandates reaffirmation with CMVP that you can meet new standards. Today, CMVP…

EMC Adds Data Storage System To List of Common Criteria Evaluated Products

EMC continues to grow as a leader in the secured storage playing field.  Corsec would like to congratulate our partner EMC on completing the Common Criteria EAL 2+ evaluation for their product, the SourceONE v7.2.  With this certification, SourceONE will continue to be a trusted option for governments and industries which have stringent security requirements for protecting and securing…

Happy Data Privacy Day

On January 28th, the U.S., Canada, and 47 European countries take time to acknowledge the importance of privacy and data protection best practices. Although this day has its roots in protecting personal data, specifically with attention to social networking, the Internet of Things (IoT) and interconnectivity of our lives has created a new world of vulnerabilities. Businesses…

White House Updates

When the White House issued its new action plan to prevent security breaches and attacks similar to that of the OPM fiasco, part of the plan was to acknowledge a number of cybersecurity gaps, some of which will ultimately impact security certifications such as FIPS 140-2, Common Criteria, and UC APL: Nov. 13, 2015 All agencies must identify and report to…

Cryptography, FIPS 140-2, and Lab Changes – What You Need to Know

Corsec brings highlights from recent events – offering insight into the future of Cryptographic Validations, Lab Reviews, and a potential new Inter-Agency Agreement. Cryptographic Validations, Quo Vadis? and apropos of FIPS 140-2 Cryptographic validations currently do not have an international acceptance, but the future for cryptographic validations looks promising in terms of mutual recognition. The public…

Corsec Guides McAfee through FIPS 140-2 Level 2 Validation

After a year of collaboration and commitment, Corsec would like to congratulate our partner, McAfee, for completing the Federal Information Processing Standards 140-2 (FIPS 140-2) Level 2 validation of the McAfee Web Gateway WG5000 and WG5500 Appliances. By partnering with Corsec, McAfee’s Gateway product is now a more secured enterprise security solution. Corsec’s demonstrated expertise…

Sunsetting of FIPS 140-2 Products

Over 1,500 FIPS 140-2 validated products will be facing archival by CMVP by 2017. Recently, CMVP, the governing body which oversees FIPS 140-2 validations, laid out guidelines and new regulations for validations in two distinct areas: Sunsetting of products validated prior to 2012 If your validation took place prior to January 1st 2012, then CMVP could…

EMC’s ViPR Controller Completes Common Criteria with Corsec’s Guidance

Corsec is pleased to have worked with EMC to complete the Common Criteria validation for the ViPR Controller v2.1.0.3 HF2.  With this validation, ViPR Controller will continue to be a trusted option for governments and industries who have stringent security requirements for protecting and securing data. These governments and industries mandate the highest level of security requirements…

Corsec Guides HP Smart Array RAID Controllers Through Validation

After a year of collaboration and commitment, Corsec would like to congratulate our partner, HP, for completing the Federal Information Processing Standards 140-2 (FIPS 140-2) validation of their product, the Smart Array Gen9 RAID Controllers.  These Smart Array Controllers provide encryption for data at rest and showcase HP’s commitment to helping federal organizations and global enterprises…

Corsec Guides HPE to Successful Common Criteria Certification

Congratulations to HPE for successful completion of the Common Criteria evaluation for Cloud Service Automation v4.10;  CSA has completed Common Criteria at an EAL 2+ level, and is a trusted option for governments and industries who have stringent security requirements for protecting and securing data.  The product provides an environment that can be used by cloud…

EMC Completes Another Common Criteria Certification with Corsec

Congratulations to our partner EMC on successfully completing the Common Criteria certification process for their product, Isilon OneFS v7.2.0.4.  With this validation, EMC Isilon will continue to be a trusted option for governments and industries who have stringent security requirements for protecting and securing data. These governments and industries mandate the highest level of security requirements for…

Harris Secures Portable Radios Under FIPS 140-2 With Corsec’s Help

We are pleased to announce that our partner, Harris, has successfully completed the Federal Information Processing Standards 140-2 (FIPS 140-2) validation for their product, the Harris AES Load Module (HALM).  With Corsec’s help, this module will now help ensure that their portable terminal radios offer secured lines of communication for all that use them.  The…

Corsec Helps HPE Achieve FIPS 140-2 Certification

We congratulate our partner, HP Enterprise on successfully completing the certification process for the BladeSystem c-class Virtual Connect Module under the Federal Information Processing Standards 140-2 (FIPS 140-2).  The certification underscores HPE’s commitment to providing secure and third-party validated products to Federal organizations and global enterprises. We are pleased and excited to have worked with the HPE team…

The Next Step in FIPS 140-2 and Cryptography

Changes in Security Certifications: With the extension of the FED budget, companies have begun to plan and develop their 2016 FED sales objectives with an eye on the expanding $70B total addressable market. These companies are looking for ways to stay abreast of all changes affecting spending at the national level, as well as initiatives…

VMware’s vSphere v5.5 Completes CC with Help of Corsec

Corsec is pleased to congratulate our partner, VMware, on completing the Common Criteria validation for its product, vSphere v5.5. This product was tested and validated through the most stringent of security standards receiving a validation under an EAL2+, which underscores VMware’s commitment to helping federal organizations and global enterprises secure products around the world. vSphere is now able to sell…

Stringent Common Criteria Validation of Tintri Product Complete

As the demand to process higher amounts of data and at record levels escalates, the need for secured and protected storage solutions is dramatically increasing. Corsec is pleased to announce that Tintri, a leader in the secured storage space, recently partnered with us to complete the Common Criteria validation for their product VMstore v3.1.2.1. VMstore…

Changes in Common Criteria and Product Advocacy

As companies look to their 2016 sales objectives, the allure of the FED and its $70 billion budget, as well as emerging markets for healthcare, finance, critical infrastructure and the Internet of Things (IoT) is insatiably appealing. As we have all seen, U.S. and international governments as well as the aforementioned industries have stronger restrictions…

HP Works with Corsec to Secure IT Products Under Common Criteria

After months of hard work and dedication, Corsec is proud to congratulate HP on successfully completing the Common Criteria validation for its products, SiteScope v11.30 and Operations Orchestration (OO) v10.20. These products were tested and validated through the most stringent of security standards receiving a validation under an EAL2+, which underscores HP’s commitment to helping federal organizations and…

Corsec Helps EMC Certify Two More Products Under Common Criteria

Congratulations to our partner EMC, on achieving the Common Criteria Certification for VNXe OE v3.1.1 with Unisphere and VNXe3200 hardware as well as VMAX Series Appliances with HYPERMAX OS 5977. These products were tested and validated under the Canadian Scheme, which underscores EMC’s commitment to helping federal organizations and global enterprises secure products around the world. Corsec…

Ciena Corporation Achieves FIPS 140-2 Level 3

We are pleased to announce that our partner, Ciena Corporation, has successfully completed the Federal Information Processing Standards 140-2 (FIPS 140-2) validation for their product, the 6500 4×10 Krypto Card. The certification underscores Ciena’s commitment to helping federal organizations and global enterprises secure products. Corsec is pleased and excited to have helped them reach such a monumental…

Hewlett-Packard OpsBridge Undergoes Rigorous Common Criteria Evaluation Process

Corsec is pleased to announce Hewlett Packard Development Company’s Operations Bridge Premium v2015.x solution is officially in evaluation for an EAL2+ certification under the Spanish scheme. Common Criteria evaluation of security products is mandated for commercial information security products purchased by the U.S. government for use in national security systems. HP’s participation in this process illustrates the company’s commitment…

McAfee completes FIPS 140-2 validation for Firewall Enterprise Control Center Hardware and Virtual Appliance

Congratulations to our partner, McAfee, which has successfully completed the Federal Information Processing Standards 140-2 (FIPS 140-2) validation for the McAfee® Firewall Enterprise Control Center Hardware and Virtual Appliance. The certification underscores McAfee’s commitment to helping federal organizations and global enterprises secure products. Corsec is pleased and excited to have helped them reach such a monumental…

Corsec helps Varonis reach “In Evaluation” Phase for Common Criteria Certification EAL-2

Congratulations Varonis Systems, Inc. (Nasdaq:VRNS), for reaching the Common Criteria “In Evaluation” phase on the Data Governance Suite. The certification process underscores Varonis’ commitment to helping federal organizations and global enterprises secure privileged accounts. Corsec is pleased and…

Corsec on the Road – Gartner Security & Risk Management Summit 2015

Ian Wisecarver and Jason Kozak head to Gartner Security & Risk Management Summit 2015. Corsec’s Ian Wisecarver and Jason Kozak will be joining the IT security discussion in our Nation’s Capital next week, as they meet with IT product vendors and industry leaders at the Gartner Security & Risk Management Summit 2015 in

IT Security Certifications at InfoSec 2015

Will you be at InfoSecurity 2015 this year? InfoSecurity 2015 is Europe’s largest free information security event, focused on relevant IT security issues including pressing issues like practical ways to protect information assets, recovering and securing data, and innovative strategies to discuss information security risks. Ian Wisecarver from Corsec will…

Corsec Announces FIPS 140-2 Validation for Comtech EF Data Corp.

Corsec Helps Provide a Path to Successful FIPS 140-2 Certification, Opening Government, Military and Secure Commercial Networks Markets for IT Security Products Fairfax, VA, September 10, 2014 – Corsec, the world’s leading validation solutions provider, today announced that its client, Comtech EF Data Corp., a subsidiary of Comtech Telecommunications Corp. (NASDAQ: CMTL), has achieved FIPS…

Corsec Announces Fall 2014 Global Speaking Tour

Industry Experts Selected to Deliver Critical Guidance and Insights at Leading IT Security Conferences Fairfax, VA, September 8, 2014 – Corsec, the world’s leader in providing access to new markets via third-party security validations, recently announced the lineup for its Fall 2014 Global Speaking Tour. Corsec experts will be presenting at key industry conferences on topics…

Corsec Guides ScienceLogic to Successful DoD Product Certification

IT Monitoring Software Client Gains Inclusion on the Department of Defense (DoD) Unified Capabilities Approved Products List (UC APL) Fairfax, VA, August 20, 2014 – Corsec, the world’s leading validation solutions provider, recently added ScienceLogic, Inc. to its growing list of clients who have achieved inclusion on the U.S. Department of Defense (DoD) Unified Capabilities…

NIST Successfully Slashes FIPS 140-2 Validation Wait Time Down to Record Lows

Fairfax, VA, May 14, 2011 –  Corsec Security, Inc., the leader in FIPS 140-2 and Common Criteria documentation, project management and consulting services, today announced that NIST’s Cryptographic Module Validation Program (CMVP) queue is down to a record low. This accomplishment marks a major success for the FIPS 140-2 program due to the hard work…

Corsec Security Augments Services to Provide Complete UC APL Solution for Information Security Vendors

Corsec Expands service offering to include DoD Unified Capabilities APL certification. Fairfax, VA, January 12, 2012 – Corsec Security, Inc., the leader in FIPS 140-2 and Common Criteria documentation and project management services is announcing the addition of Department of Defense Unified Capabilities Approved Product List (DoD UC APL) certification services in order to provide customers…

Corsec Completes 200th FIPS 140 & Common Criteria Certification for IT Security Vendors

Corsec Security, Inc., the leading provider of FIPS 140-2 and Common Criteria documentation and consulting services, today announced the completion of the 200th certificate they have achieved for IT Security vendors across the globe. Fairfax, VA, July 22, 2010 – Corsec Security, Inc., the leading provider of FIPS 140-2 and Common Criteria documentation and consulting…