Corsec at Modern Day Marine 2016

Next week Corsec will be joining thousands of government leaders, industry partners, and members of academia at Modern Day Marine in Quantico, VA to discuss the future of technology within the DoD. Companies looking to meet the security requirements of the Marine Corps and sell their solution within the Department of Defense (DoD) will need to evaluate their product…

Monthly FED Roundup – August 2016

DISA’s August News: DISA releases its Three-Tiered Approach to Cloud Computing; DISA assists DoD cloud service providers with the Cloud Provisional Authorization (PA) process. NIST’s August News: A release was published on Post-Quantum Cryptography – for more information on the subject as well as notes from recent Post-Quantum events, please read Corsec’s blog post The…

Update On NIST’s Post-Quantum Cryptography Requirements

After a great discussion in Japan at the 7th Annual Post-Quantum Crypto Conference (PQCrypto 2016) back in February, NIST has taken the next step and announced they are seeking additional input and comments on their draft proposal for “Post-Quantum Cryptography: Proposed Requirements and Evaluation Criteria”. “The National Institute of Standards and Technology (NIST) has published a Federal Register Notice requesting comments on a proposed…

Ciena Secures Network Solution With FIPS Validation

Corsec would like to congratulate our partner, Ciena Corporation, for completing their Federal Information Processing Standard 140-2 (FIPS 140-2) validation on the 6500 Flex3 WaveLogic 3e OCLD Encryption Module. The successful completion of the FIPS 140-2 validation process demonstrates Ciena’s commitment to strong levels of security, including a government-backed product offering and a dedication to providing…

Siemens’ Rugged Operating System Achieves FIPS “In Process” Status

Corsec would like to congratulate our partner, Siemens, for being listed as Implementation Under Test (IUT) as part of a FIPS 140-2 validation for their product, the Rugged Operating System (ROS) v2.7.1. This listing signifies that the ROS has achieved a monumental step in the validation effort, having reached “In Process” status – a phase…

Is Our Critical Infrastructure At Risk?

Every day we rely on technology to ensure continuation of our routine day-to-day activities: access to clean drinkable water, open roadways free of congestion and chaos, power to brighten our homes and businesses, and oil and gas supplies to cook our meals. But what happens when the system breaks down? The critical infrastructure that supports this…

RedSeal Completes Common Criteria Assurance Continuity

Corsec is pleased to announce that RedSeal Inc.’s Common Criteria Assurance Continuity for the RedSeal Platform v8.2.0 is now official and all the listings have been posted. The RedSeal product completed an EAL 2+ evaluation through the Network and Network-Related Devices and Systems product category. This Assurance Continuity ensures that RedSeal Platform will continue to operate in the…

Corsec Discusses Product Security At BlackHat

BlackHat USA is on the horizon and product security enhancement is a huge focal point this year. Modern-day cryptography provides a level of security that was previously unimagined, but how do we ensure that the precautionary steps we are taking are sufficient to protect our products from prevailing attacks and hackers? Evaluate Your Crypto and Protect…

Monthly FED Roundup – July 2016

DISA’s July News: DISA receives $9.7M in funds to help the American Warfighter from DOD Rapid Innovation Fund Program; DISA PAC has new leadership – Col. Joseph E. Delaney; COL Andrew S. McClelland assumes command of DISA Europe. NIST’s July News: NIST has released two draft publications on the Security Content Automation Protocol (SCAP). NIAP’s July News…

FIPS 140-3: When Can We Expect It?

Corsec is often asked when the next version of the Federal Information Processing Standard (FIPS 140-3) is expected to be released. It is an important question as product vendors are trying to adapt their certification strategies, either by validating their products prior to any changes that could sidetrack their current efforts, or by validating post-release in…

Two New Countries Join CCRA

The CCRA Management Committee Chair has announced that two more countries, Qatar and Singapore, will officially sign the Common Criteria Recognition Agreement (CCRA). The addition of the two nations brings the total number of participants to 27. The Common Criteria Mutual Recognition Agreement (CCRA) is a pact which was designed to allow all Common Criteria evaluations up to…

FIPS Inside: Is It Right For Me?

Implementing a FIPS 140-2 solution into your product is a great way to strengthen your solution, enhance your brand, and secure your bottom line. When pursuing FIPS, you will be faced with difficult and often confusing decisions, leaving you with many questions. One such question we are always asked is the difference between being FIPS Validated and FIPS…

Monthly FED Roundup – June 2016

DISA’s June News: Lessons Learned from the First DOD Applications Migrated to the Commercial Cloud – DISA Vice Director Jack Wilmer speaks on benefits of cloud solutions, including increased speed, agility, and cost savings. Big Data Platform Update will Enable Faster Identification of Cyber Threats – An update to the DISA Big Data Platform is expected in…

CMUF Monthly Update: June

The deadline is approaching for vendors that were moved to the Historical List because of their RNG use.  July 1 is the last day that a lab can submit a no-cost 3Sub to move a module from the Historical List to the Validated list. For more information see our previous posts on who has been affected…

Ixia Products Reach “In Process” for FIPS 140-2

Corsec would like to congratulate our partner, Ixia, which provides testing, visibility, and security solutions to strengthen applications across physical and virtual networks, on being listed on the “In Process” list for two of their FIPS 140-2 validations. Ixia’s products, the VisionONE and Net ToolOptimizer (NTO) 7303, have reached the Implementation Under Test (IUT) phase of their validation and are progressing smoothly. Congrats to…

NTIS Appoints Avi Bender as New Director

The Department of Commerce’s National Technical Information Services (NTIS) has announced a few new changes that may very well shake up the way the government uses and shares information. NTIS has announced a new joint venture partnership aimed at improving access, analysis, and use of federal data. NTIS serves as the largest central resource for government-funded…

Cybersecurity Acquisition Vehicle Coming

The General Services Administration (GSA) has announced their intentions to add another SIN to the GSA Schedule 70 – “Highly Adaptive Cybersecurity Services (HACS)”. The new SIN will be broken down into three categories for security services — proactive, reactive, and remediation. “We’re not putting together a vehicle for GSA. We’re putting it together for you. Tell us what…

DHS funds Cyber Defense

The Department of Homeland Security (DHS) has approved $1.8 billion in funding to prevent cybersecurity attacks and protect critical infrastructure. The House Appropriations Subcommittee approved the bill last week in order to support the National Protection and Programs Directorate (NPPD), the agency within DHS responsible for cybersecurity. “Hacking and cyberattacks have already cost the federal government billions…

Updates to Canadian Common Criteria Certifications

The Communications Security Establishment (CSE), the governing body of Common Criteria in Canada, has officially stated they will only accept Protection Profile (PP) based evaluations starting in September of 2017. Furthermore, they have stated that they will only be accepting evaluations against CSE-approved PPs; a full list of which can be found here. Additional guidance on…

Event Recovery and PIV Updates from NIST

NIST has released draft Special Publication (SP) 800-184, titled “Guide for Cybersecurity Event Recovery”. This draft is open to public comment until July 11th, 2016. “The purpose of this document is to support federal agencies in a technology-neutral way in improving their cyber event recovery plans, processes, and procedures. This publication provides tactical and strategic…

Poor Project Management Could Derail Your Certification Efforts

CMVP has new guidelines which went live last month via the release of Implementation Guidance (G.16). This update will affect product vendors that have not taken proper precautions with project management related to their FIPS 140-2 validations. During validation, an accredited Lab can submit a request form (called an IUTA) for a product to be listed on the modules…

FIPS 140-2 Sunset Policy Update!

CMVP, the governing body that oversees U.S. FIPS 140-2 validations, has made drastic changes over the past year to policy governing product certification longevity. This week they went one step further and have now updated their Validation Sunsetting Policy, in a move that will impact a large number of companies and products. Key takeaways from this…

Cisco’s StealthWatch AC for Common Criteria Completed

Corsec would like to congratulate our partner Cisco Systems for achieving an Assurance Continuity (AC) on their Common Criteria listing for the StealthWatch solution. StealthWatch (originally a Lancope product) completed the Common Criteria certification process in May of 2014 under the Network Device Protection Profile (NDPP) v1.1 in Canada. After Lancope was acquired by Cisco, an Assurance Continuity was conducted…

DISA Cloud Migration

In 2013, the Defense Information Systems Agency (DISA) developed an on-premise cloud solution for the DoD – milCloud 1.0. DISA continues to operate and manage this solution, but since its inception, cloud-based services have grown in complexity and functionality. The DoD is now looking for a change. According to a report released by DISA,…

Updates From Around the Globe

Over the past two months Corsec has traveled from Seoul, Korea to Ontario, Canada in order to attend security certification events such as the Common Criteria Users Forum (CCUF) and the International Cryptographic Module Conference (ICMC). The discussions held at these events have given Corsec insight on changes that are coming to certification requirements, updates on the strategic outlook and vision…

Recent NIST Releases

NIST Releases “Best Practices Guide for Personal Identity Verification (PIV)-enabled Privileged Access”: In response to the Office of Management and Budget (OMB)’s Cybersecurity Strategy and Implementation Plan, NIST has released their best practices guide for Personal Identity Verification (PIV)-enabled privileged access. This guide covers three critical areas: the risks of password-based single-factor authentication; the need for multi-factor PIV-based…

Cybersecurity Innovation Forum

Corsec recently attended the Cybersecurity Innovation Summit at George Mason University in Fairfax, VA. This event created a platform for discussions on the recent advancements in cybersecurity and the evolving challenges security experts face. Among those attending were members of Academia, Industry and the Federal Government. Corsec’s CEO, Mathew Appler, attended the summit and has commented on the importance of the…

Corsec Speakers and Attendance at ICMC

As previously posted, next week in Ottawa, Ontario, Canada, hundreds of global leaders in the commercial encryption community will gather at the fourth annual International Cryptographic Module Conference (ICMC). Corsec’s President John Morris will be joining the list of Corsec employees speaking this year. John will be taking an in-depth look at the economic costs and rewards of…

CC Certification of HPE Asset Manager Finalized

Corsec would like to congratulate our partner, HP Enterprise on successfully completing the Common Criteria certification process for the HPE Asset Manager v9.50 with Connect-It v9.60 build #12154 (AM) and 010 (CIT). The certification was completed at an Evaluation Assurance Level (EAL) 2+ and underscores HPE’s commitment to providing secure and third-party validated products to Federal organizations and global…

CCUF Management Board Election Results

The Common Criteria Users Forum (CCUF), which serves as a voice amongst the Common Criteria community, recently held elections for its management board. Corsec’s Matt Keller, who has served as the Vice Chair for the past 4 years, has been re-elected to the board and will continue to contribute to the CC community as well as to…

Vocera Completes FIPS Validation

Corsec would like to thank and congratulate our partner Vocera Communications on completing the Federal Information Processing Standard for their Vocera Cryptographic Module v3.0 (#0894). This module has now completed and finalized all the necessary requirements for the FIPS 140-2 validation process, and can now be found on the NIST site, which includes the listing for…

Corsec’s Matt Keller Attending 2016 ICMC

Next month in Ottawa, Ontario, Canada, hundreds of global leaders in the commercial encryption community will gather at the fourth annual International Cryptographic Module Conference (ICMC). Corsec’s Matt Keller, who also serves as CMUF Management Representative, will be presenting and recently was quoted in a release by the ICMC. “ICMC, presented by the Cryptographic Module User…

ScienceLogic Completes Second UC APL Listing Process

Corsec would like to congratulate our partner, ScienceLogic, on successfully completing all the necessary requirements to achieve listing on the DoD’s Unified Capabilities Approved Product List (UC APL).  ScienceLogic’s server monitoring product, the EM7 v7.8, is now listed and available for purchase by all DoD agencies. Over the past year, Corsec and ScienceLogic worked through hardening…

DISA Focuses On Mobile Security

In November of 2015, the Defense Information Systems Agency (DISA) announced it was taking steps to make cloud and mobile enabled networks a priority in 2016. It looks like that vision has actually started to take hold. Earlier this month, we discussed the changes to cloud security that DISA revealed when they released an update to the Cloud…

HPE Completes Common Criteria on iLO 4

Corsec would like to congratulate our partner, HP Enterprise on successfully completing the Common Criteria certification process for the HP Integrated Lights-Out (iLO) 4 v2.11 component. The certification was completed at an Evaluation Assurance Level (EAL) 2+ and underscores HPE’s commitment to providing secure and third-party validated products to Federal organizations and global enterprises. We are pleased and excited…

Sonus Completes Another FIPS 140-2 Validation

Corsec would like to thank and congratulate our partner Sonus Networks Inc., on completing the FIPS 140-2 validation process for the Session Border Controller (SBC) 5110/5210. After a year of hard work, the Sonus SBC 5110/5210 achieved validation and can be found on the CMVP website here. By partnering with Corsec, the SBC 5110/5210 is now…

HPE Adds FIPS 140-2 to BladeSystem Certification List With Corsec Guidance

Corsec would like to congratulate our partner HPE, on successfully completing yet another security certification for the HP BladeSystem, this time on the Onboard Administrator Firmware version 4.40. This is the third certification in recent months for the BladeSystem infrastructure. The Onboard Administrator Firmware successfully completed the Federal Information Processing Standard 140-2 (FIPS 140-2) and details the listing,…

DISA Updates Cloud Computing Security

Last week, the Department of Defense (DOD) released an update to the Cloud Computing Security Requirements Guide (CC SRG) through the Chief Information Office and the Defense Information Systems Agency (DISA). This update provides guidance to a number of components, including: cloud service providers (CSPs), both commercial and DOD, to all DOD components using cloud,…

Corsec Helps HP BladeSystem Complete Another Certification

Corsec would like to congratulate our partner, HP Enterprise on successfully completing the FIPS 140-2 validation process for the HPE BladeSystem c7000 and c3000 Enclosure with OA v4.40 and iLO 4 v2.11. These certifications underscore HPE’s commitment to providing secure and third-party validated products to Federal organizations and global enterprises. We are pleased and excited to have worked with…

Sonus Completes FIPS 140-2 Validation

Corsec would like to thank and congratulate our partner Sonus Networks Inc., on completing the FIPS 140-2 validation process for the Session Border Controller (SBC) 7000. After a year of hard work, the Sonus SBC 7000 achieved validation and can be found on the CMVP website here. By partnering with Corsec, the SBC 7000 is now a more secured…

Pentagon Increases Spending On Cyber Defense

Defense Secretary Ashton Carter announced that the Pentagon would be spending an additional $900 million in 2017 to enhance cyber defense measures. This comes after last year’s hack of the Office of Personnel Management (OPM), resulting in the loss of personal data for over 20 million federal employees and contractors. “Given the increasing severity and sophistication…

EMC Completes FIPS Validation On VNX Product with Corsec Guidance

Corsec would like to thank and congratulate our partner, EMC, on completing yet another security certification. EMC has finished the Federal Information Processing Standard 140-2 (FIPS 140-2) validation of their product, the VNX 6Gb/s SAS I/O Module with Encryption from EMC. The product is a SAS1 controller executing specialized firmware that provides Data At Rest Encryption…

HP Server Automation Ultimate Completes Common Criteria Certification with Corsec

Corsec would like to congratulate our partner, HP Enterprise on successfully completing the Common Criteria certification process at an EAL 2+ for their product, HP Server Automation Ultimate v10.10.002. The certification underscores HPE’s commitment to providing secure and third-party validated products to Federal organizations and global enterprises. We are pleased and excited to have worked with the HPE…

NIAP archives Products with Outdated RNG

NIAP, the governing body over Common Criteria in the U.S., announced last week that it would be removing products from their Product Compliant List (PCL) that do not meet new Random Number Generator (RNG) requirements.  This announcement is directly tied to current U.S. government purchasing policies. In a similar case, CMVP, the organization that oversees FIPS 140-2, implemented changes…

SCAP: New Revision Available

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) has released the fourth revision of their Internal Report covering SCAP Version 1.2 Validation Program Test Requirements. SCAP or the “Security Content Automation Protocol” is made up of a suite of specifications developed by the security community for standardizing the way security software communicates and delivers…

Cisco Completes UC APL Listing with Corsec

Corsec would like to congratulate our partner, Cisco, on successfully completing all the necessary requirements to achieve listing on the DoD’s Unified Capabilities Approved Product List (UC APL).  Cisco’s Information Assurance Tool (IAT), StealthWatch Rel. 6.5.4 TN 1435301, is now listed and available for purchase by all DoD agencies. Over the past year, Corsec and…

SolidFire Completes Common Criteria Effort with Corsec

Corsec would like to congratulate our partner, SolidFire (A NetApp Company) on successfully completing the Common Criteria certification process for the Element OS 8 running on SF2405, SF4805, and SF9605 Storage Nodes and FC0025 Fibre Channel Nodes Version 8.0.1.2. The certification underscores SolidFire’s commitment to providing secure and third-party validated products to Federal organizations and global enterprises. We are…

OpenSSL Patches: Two New Named Attacks

In addition to the new vulnerabilities identified in January of this year, OpenSSL has once again had to release a slew of patches to correct problematic areas, which could ultimately affect your FIPS validation, Common Criteria evaluation or listing on the DoD’s UC APL. There are now at least two named attacks as part of the…

Corsec Helps HPE BladeSystem Complete Common Criteria Certification

Corsec would like to congratulate our partner, HP Enterprise on successfully completing the Common Criteria certification process for the HPE BladeSystem c7000 and c3000 Enclosure with OA v4.40, VC v4.41, and iLO 4 v2.11. The certification underscores HPE’s commitment to providing secure and third-party validated products to Federal organizations and global enterprises. We are pleased and excited to…

NIST’s Draft PUB on Entropy and RNG

Last month NIST released a draft publication on sources of Entropy and randomness in protecting sensitive data. The draft “Special Publication 800-90B, Recommendation for the Entropy Sources Used for Random Bit Generation”, is intended to help product vendors gauge if their sources of random numbers are indeed unpredictable. NIST states that “Random numbers are a crucial element in cryptography,…

Corsec at RSA 2016

RSA is on the horizon and everyone is getting excited.  Each year product vendors convene to discuss security and how we will protect our digital world.  But, with so much going on, it becomes difficult to prioritize between developing our pipelines, closing deals, and learning about new innovations to protect and enhance our products. Schedule…

Medical Devices & Security Guidelines

As cyber security risks continue to grow, a number of industries are starting to take steps to ensure secured protection of products. Health Care has always been an area of concern given the sensitive nature of the data that is transferred and stored among doctors’ offices, hospitals, and insurance carriers. Recently, the Food and Drug Administration’s…

NSA Reorganization

In December of 2015, we heard about the NSA’s proposed reorganization (its biggest in 20 years) and a few of the potential impacts it could have on the agency and industry as a whole.  One critical area that is still somewhat murky is the impact on the IAD (and NIAP) now that the group is being…

Corsec Helps CyberArk Become First Comprehensive Privileged Account Security Solution To Be Listed On The U.S. Department Of Defense’s UC APL

Corsec congratulates CyberArk for achieving listing on the DoD’s UC APL. CyberArk’s active participation in security certifications and listing on the UC APL signifies the company’s commitment to providing users with solid product security, and CyberArk becomes the first comprehensive Privileged Account Security solution to be listed on the DoD’s UC APL. Over the past year, Corsec and…

Corsec Attending AFCEA WEST

Corsec will be in San Diego, CA for the annual AFCEA WEST conference.  “The premier naval conference and exposition on the West Coast, WEST is now in its 26th year of bringing military and industry leaders together.  Co-sponsored by AFCEA International and the U.S. Naval Institute, WEST is the foremost event in which the makers…

DTECH LABS and Corsec Complete DoD’s UC APL Listing in Record Breaking Time

We are pleased to congratulate our partner DTECH LABS (a subsidiary of Cubic) for a true partnership in product security compliance and security hardening. Corsec and DTECH together have broken the previous benchmarks in time to listing for the DoD’s UC APL.  Corsec was able to accomplish this feat in record timing, completing their listing…

CMVP Has Begun Archiving!

As previously mentioned, CMVP announced that all FIPS 140-2 validations that use Random Number Generators (RNG), as well as certifications that use both the NIST 800-90A DRBG and RNG will be required to re-validate, otherwise, they will be placed on an unprocurable products list, which mandates reaffirmation with CMVP that you can meet new standards. Today, CMVP…

EMC Adds Data Storage System To List of Common Criteria Evaluated Products

EMC continues to grow as a leader in the secured storage playing field.  Corsec would like to congratulate our partner EMC on completing the Common Criteria EAL 2+ evaluation for their product, the SourceONE v7.2.  With this certification, SourceONE will continue to be a trusted option for governments and industries which have stringent security requirements for protecting and securing…

Happy Data Privacy Day

On January 28th, the U.S., Canada, and 47 European countries take time to acknowledge the importance of privacy and data protection best practices. Although this day has its roots in protecting personal data, specifically with attention to social networking, the Internet of Things (IoT) and interconnectivity of our lives have created a new world of vulnerabilities. Businesses…

White House Updates

When the White House issued its new action plan to prevent security breaches and attacks similar to that of the OPM fiasco, part of the plan was to acknowledge a number of cybersecurity gaps, some of which will ultimately impact security certifications such as FIPS 140-2, Common Criteria, and UC APL. Nov. 13, 2015: All agencies must identify and report to…

Corsec Guides McAfee through FIPS 140-2 Level 2 Validation

After a year of collaboration and commitment, Corsec would like to congratulate our partner, McAfee, for completing the Federal Information Processing Standards 140-2 (FIPS 140-2) Level 2 validation of the McAfee Web Gateway WG5000 and WG5500 Appliances. By partnering with Corsec, McAfee’s Gateway product is now a more secured enterprise security solution. Corsec’s demonstrated expertise…

Sunsetting of FIPS 140-2 Products

Over 1,500 FIPS 140-2 validated products will be facing archival by CMVP by 2017. Recently, CMVP, the governing body which oversees FIPS 140-2 validations, laid out guidelines and new regulations for validations in two distinct areas. Sunsetting of products validated prior to 2012: If your validation took place prior to January 1st 2012, then CMVP could…

EMC’s ViPR Controller Completes Common Criteria with Corsec’s Guidance

Corsec is pleased to have worked with EMC to complete the Common Criteria validation for the ViPR Controller v2.1.0.3 HF2.  With this validation, ViPR Controller will continue to be a trusted option for governments and industries who have stringent security requirements for protecting and securing data. These governments and industries mandate the highest level of security requirements…

Corsec Guides HP Smart Array RAID Controllers Through Validation

After a year of collaboration and commitment, Corsec would like to congratulate our partner, HP, for completing the Federal Information Processing Standards 140-2 (FIPS 140-2) validation of their product, the Smart Array Gen9 RAID Controllers.  These Smart Array Controllers provide encryption for data at rest and showcase HP’s commitment to helping federal organizations and global enterprises…

Corsec Guides HPE to Successful Common Criteria Certification

Congratulations to HPE for successful completion of the Common Criteria evaluation for Cloud Service Automation v4.10. CSA has completed Common Criteria at an EAL 2+ level, and is a trusted option for governments and industries who have stringent security requirements for protecting and securing data. The product provides an environment that can be used by cloud…

EMC Completes Another Common Criteria Certification with Corsec

Congratulations to our partner EMC on successfully completing the Common Criteria certification process for their product, Isilon OneFS v7.2.0.4.  With this validation, EMC Isilon will continue to be a trusted option for governments and industries who have stringent security requirements for protecting and securing data. These governments and industries mandate the highest level of security requirements for…

Harris Secures Portable Radios Under FIPS 140-2 With Corsec’s Help

We are pleased to announce that our partner, Harris, has successfully completed the Federal Information Processing Standards 140-2 (FIPS 140-2) validation for their product, the Harris AES Load Module (HALM).  With Corsec’s help, this module will now help ensure that their portable terminal radios offer secured lines of communication for all that use them.  The…

Corsec Helps HPE Achieve FIPS 140-2 Certification

We congratulate our partner, HP Enterprise on successfully completing the certification process for the BladeSystem c-class Virtual Connect Module under the Federal Information Processing Standards 140-2 (FIPS 140-2).  The certification underscores HPE’s commitment to providing secure and third-party validated products to Federal organizations and global enterprises. We are pleased and excited to have worked with the HPE team…

The Next Step in FIPS 140-2 and Cryptography

Changes in Security Certifications: With the extension of the FED budget, companies have begun to plan and develop their 2016 FED sales objectives with an eye on the expanding $70B total addressable market. These companies are looking for ways to stay abreast of all changes affecting spending at the national level, as well as initiatives…

VMware’s vSphere v5.5 Completes CC with Help of Corsec

Corsec is pleased to congratulate our partner, VMware, on completing the Common Criteria validation for its product, vSphere v5.5. This product was tested and validated through the most stringent of security standards, receiving a validation under an EAL2+, which underscores VMware’s commitment to helping federal organizations and global enterprises secure products around the world. vSphere is now able to sell…

Stringent Common Criteria Validation of Tintri Product Complete

As the demand to process higher amounts of data and at record levels escalates, the need for secured and protected storage solutions is dramatically increasing. Corsec is pleased to announce that Tintri, a leader in the secured storage space, recently partnered with us to complete the Common Criteria validation for their product VMstore v3.1.2.1. VMstore…

Changes in Common Criteria and Product Advocacy

As companies look to their 2016 sales objectives, the allure of the FED and its $70 billion budget, as well as emerging markets for healthcare, finance, critical infrastructure and the Internet of Things (IoT), is insatiably appealing. As we have all seen, U.S. and international governments as well as the aforementioned industries have stronger restrictions…

HP Works with Corsec to Secure IT Products Under Common Criteria

After months of hard work and dedication, Corsec is proud to congratulate HP on successfully completing the Common Criteria validation for its products, SiteScope v11.30 and Operations Orchestration (OO) v10.20. These products were tested and validated through the most stringent of security standards, receiving a validation under an EAL2+, which underscores HP’s commitment to helping federal organizations and…

Corsec Helps EMC Certify Two More Products Under Common Criteria

Congratulations to our partner EMC, on achieving the Common Criteria Certification for VNXe OE v3.1.1 with Unisphere and VNXe3200 hardware as well as VMAX Series Appliances with HYPERMAX OS 5977. These products were tested and validated under the Canadian Scheme, which underscores EMC’s commitment to helping federal organizations and global enterprises secure products around the world. Corsec…

Ciena Corporation Achieves FIPS 140-2 Level 3

We are pleased to announce that our partner, Ciena Corporation, has successfully completed the Federal Information Processing Standards 140-2 (FIPS 140-2) validation for their product, the 6500 4×10 Krypto Card. The certification underscores Ciena’s commitment to helping federal organizations and global enterprises secure products. Corsec is pleased and excited to have helped them reach such a monumental…

Hewlett-Packard OpsBridge Undergoes Rigorous Common Criteria Evaluation Process

Corsec is pleased to announce Hewlett Packard Development Company’s Operations Bridge Premium v2015.x solution is officially in evaluation for an EAL2+ certification under the Spanish scheme. Common Criteria evaluation of security products is mandated for commercial information security products purchased by the U.S. government for use in national security systems. HP’s participation in this process illustrates the company’s commitment…

McAfee completes FIPS 140-2 validation for Firewall Enterprise Control Center Hardware and Virtual Appliance

Congratulations to our partner, McAfee, which has successfully completed the Federal Information Processing Standards 140-2 (FIPS 140-2) validation for the McAfee® Firewall Enterprise Control Center Hardware and Virtual Appliance. The certification underscores McAfee’s commitment to helping federal organizations and global enterprises secure products. Corsec is pleased and excited to have helped them reach such a monumental…

Corsec helps Varonis reach “In Evaluation” Phase for Common Criteria Certification EAL-2

Congratulations to Varonis Systems, Inc. (Nasdaq: VRNS), for reaching the Common Criteria “In Evaluation” phase on the Data Governance Suite. The certification process underscores Varonis’ commitment to helping federal organizations and global enterprises secure privileged accounts. Corsec is pleased and…

Corsec on the Road – Gartner Security & Risk Management Summit 2015

Ian Wisecarver and Jason Kozak head to Gartner Security & Risk Management Summit 2015. Corsec’s Ian Wisecarver and Jason Kozak will be joining the IT security discussion in our Nation’s Capital next week, as they meet with IT product vendors and industry leaders at the Gartner Security & Risk Management Summit 2015 in

IT Security Certifications at InfoSec 2015

Will you be at InfoSecurity 2015 this year? InfoSecurity 2015 is Europe’s largest free information security event, focused on relevant IT security issues, including pressing ones like practical ways to protect information assets, recovering and securing data, and innovative strategies to discuss information security risks. Ian Wisecarver from Corsec will…

Corsec Announces FIPS 140-2 Validation for Comtech EF Data Corp.

Corsec Helps Provide a Path to Successful FIPS 140-2 Certification, Opening Government, Military and Secure Commercial Networks Markets for IT Security Products Fairfax, VA, September 10, 2014 – Corsec, the world’s leading validation solutions provider, today announced that its client, Comtech EF Data Corp., a subsidiary of Comtech Telecommunications Corp. (NASDAQ: CMTL), has achieved FIPS…

Corsec Announces Fall 2014 Global Speaking Tour

Industry Experts Selected to Deliver Critical Guidance and Insights at Leading IT Security Conferences Fairfax, VA, September 8, 2014 – Corsec, the world’s leader in providing access to new markets via third-party security validations, recently announced the lineup for its Fall 2014 Global Speaking Tour. Corsec experts will be presenting at key industry conferences on topics…

Corsec Guides ScienceLogic to Successful DoD Product Certification

IT Monitoring Software Client Gains Inclusion on the Department of Defense (DoD) Unified Capabilities Approved Products List (UC APL) Fairfax, VA, August 20, 2014 – Corsec, the world’s leading validation solutions provider, recently added ScienceLogic, Inc. to its growing list of clients who have achieved inclusion on the U.S. Department of Defense (DoD) Unified Capabilities…

NIST Successfully Slashes FIPS 140-2 Validation Wait Time Down to Record Lows

Fairfax, VA, May 14, 2011 – Corsec Security, Inc., the leader in FIPS 140-2 and Common Criteria documentation, project management and consulting services, today announced that NIST’s Cryptographic Module Validation Program (CMVP) queue is down to a record low. This accomplishment marks a major success for the FIPS 140-2 program due to the hard work…

Corsec Security Augments Services to Provide Complete UC APL Solution for Information Security Vendors

Corsec expands service offering to include DoD Unified Capabilities APL certification. Fairfax, VA, January 12, 2012 – Corsec Security, Inc., the leader in FIPS 140-2 and Common Criteria documentation and project management services, is announcing the addition of Department of Defense Unified Capabilities Approved Product List (DoD UC APL) certification services in order to provide customers…

Corsec Completes 200th FIPS 140 & Common Criteria Certification for IT Security Vendors

Corsec Security, Inc., the leading provider of FIPS 140-2 and Common Criteria documentation and consulting services, today announced the completion of the 200th certificate they have achieved for IT Security vendors across the globe. Fairfax, VA, July 22, 2010 – Corsec Security, Inc., the leading provider of FIPS 140-2 and Common Criteria documentation and consulting…

Corsec Launches Global Expansion of Unified Capabilities Approved Product List (UC APL) Validation Services

Company Provides Path Towards Successful UC APL Inclusion, Opening United States Department of Defense Market for IT Products Fairfax, VA, February 18, 2014 – Corsec, the world’s leader in providing access to new markets via third party security validations, today announced the global expansion of its Unified Capabilities Approved Product List (UC APL) certification services. Corsec’s…

Heartbleed & Your Security Certification

Much has been in the news over the past couple of months about the security vulnerability known as Heartbleed. It is of vital interest to businesses and consumers, but especially so for businesses with products intended to provide security for their users. There are some specific and unique impacts to companies who are planning or are in the midst…

Common Criteria Certification: What Is It?

Do you need to open the door to sell your IT security product to the U.S. government? That seems like it should be a process that is simple to work through, but think again. Any IT security product that will be used by the U.S. government for national security systems, either to handle classified and even some non-classified…

Maximize ROI: Market Your Certification

Taking the time, effort and resources to achieve FIPS or Common Criteria certification or UC APL listing is a big deal. It’s not an insignificant investment, and when it’s finally completed, you want to see a significant return, right? The most obvious solution is just to sell more product. And while this may seem both simple and obvious, we all know…

Entropy Testing: Tips for Meeting Requirements

In the second post of our two-part series, we continue our discussion with panelists from Computer Sciences Corporation: Lachlan Turner, Jason Cunningham, and Maureen Barry. Continuing where we left off with last week’s post, we’ll dive deeper into entropy and answer some of the many questions now arising…

Entropy for FIPS and Common Criteria: What Is It?

In the world of cryptography, data is only safe as long as the keys used to protect that data are kept secure. While, on one hand, this means that keys must be protected against unauthorized access, it also means that keys must be created in a way that makes them difficult for an attacker to guess. To produce cryptographically strong…

Dispelling FIPS Certification Myths

There are plenty of myths out there about FIPS and what it really takes to achieve validation. During our most recent webinar, “Top 10 Myths about FIPS,” we dispelled some of those myths and gave insight into what it really means to be FIPS validated and how your company can navigate the complicated validation process. Because of the level of detail, time, and cost involved, there…

The First Five Steps in Your FIPS 140-2 Validation

Trying to decide whether to perform a FIPS 140-2 validation on your product? It can actually be a pretty black and white decision. If you want to sell any product containing cryptography to any U.S. government agency or department, then the answer is clear cut: you need a FIPS validation. FIPS 140-2 validation is required for products that contain…

Understanding Common Criteria Technical Working Groups

I recently had a conversation with a product vendor who was new to the Common Criteria community and it was refreshing to talk about and look at the Common Criteria “machine” from an outside perspective. One of the interesting parts of that machine is the Common Criteria User Forum (CCUF). It provides a voice and communications…

The Last Details on ICMC 2013 and What to Look for Next Year

Is it too late to talk about the International Cryptographic Modules Conference (ICMC)? Well, it really depends on how you look at it. If you were looking for a timely recap of the conference, then yes, I guess it is. But if you missed any of the details, this might be your last chance to catch up. And planning has just begun for next year’s conference…

Technical Communities: Creating Common Criteria Protection Profiles

Who is Defining the Criteria That Your Products Will Need to be Evaluated Against? I have been involved in the Common Criteria (CC) community since the first International Common Criteria Conference (ICCC) in 2000. While I spend a lot of my time down in the weeds of Common Criteria issues, it’s refreshing to look at the Common…

U.S. Government Shutdown Impacts FIPS Validations

As you know, the U.S. federal government officially shut down many of its operations. This shutdown directly affects NIST and, as a result, impacts its FIPS validation activities. We are sending you this e-mail to let you know what resources Corsec has available and how this situation will impact your validation efforts.

Updates from ICCC Include CCRA Revisions

Some of us from Corsec recently attended the 14th International Common Criteria Conference (ICCC) in Orlando, Florida, and we came away feeling that the Common Criteria (CC) community is finally coming together in many positive ways. After several years of difficult transition into defining the new CC paradigm of collaborative Protection Profiles (cPPs) and international Technical Communities (iTCs),…

Updates from the Joint CCDB/CCUF Workshop

It’s always great to get together with others from our industry to discuss advances and collaborate on moving processes forward for Common Criteria. Last month, several of us had the opportunity to work with colleagues from around the world at two separate events in Orlando, Florida. A group of us spent the first two weeks of September in Orlando, as Corsec sent multiple…

Planning Leads to Smooth Sailing in UC APL Listing: Webinar Recap

Getting your product listed on the DoD UC APL can seem like a Herculean task. We’ve talked before about the ins and outs of the entire listing process, but anyone who has considered any type of IT security validation knows that making the process as efficient as possible is as key as paying attention to the details. Last week, Corsec Co-Founder…

Common Criteria Schemes: Tips for Making the Right Choice

So many decisions, so little time. You’ve heard—and likely experienced—this mantra. And if you read this blog regularly, you’ve probably picked up on the fact that security validations involve making a whole host of decisions. When pursuing Common Criteria certification, one often perplexing, yet critical decision I hear people lament…

CSfC and Your Product Evaluation

We have recently seen an increase in the number of clients who are asking about CSfC and how to get on the CSfC Components List maintained by the National Security Agency (NSA) Information Assurance Directorate (IAD). CSfC is the acronym for the IAD’s Commercial Solutions for Classified program. It’s worth noting…

New FIPS 140-2 IG Update Released: What You Need to Know

In our recent post, we talked about the recent changes to Common Criteria, FIPS, and UC APL, and the importance of putting these changes in context for your business. Today we have another change to tell you about. On July 25, CMVP issued an update to the FIPS 140-2 Implementation Guidance (IG). No matter where your module is in the…

Hot Topics for ISO/IEC JTC 1/SC 27’s WG 3: Q & A with Miguel Bañón

Last week, I shared a conversation I had with Miguel Bañón, Convenor of ISO/IEC JTC 1/SC 27’s WG 3 (work group 3), that offered an overview of the current work of the WG 3, as well as some great insight into planned changes in the areas of evaluation, testing and specification for the IT security industry. Today, we’ll…

Q&A with Miguel Bañón: A Look at ISO/IEC JTC 1/SC 27’s WG 3

At Corsec, we have the opportunity to work with many industry insiders, partners, and labs as we help our clients through the security validation process. This provides us with a unique perspective when looking at the changes occurring within the IT security space. One group of particular interest right now is the ISO/IEC JTC 1/SC 27’s WG 3…

But the Rules are Changing!

According to the ancient Greek philosopher Heraclitus, “There is nothing permanent except change.” As anyone following security certifications lately can tell you, there is a lot of truth in this statement. We have entered another period of profound change in security certifications. Putting these changes in the proper context is essential if you wish to…

Budgeting for UC APL: Plan Now, Save Later

The UC APL is on the radar screen of many companies, and with good reason. Your product or system’s inclusion on the Department of Defense Unified Capabilities Approved Products List (DoD UC APL) could have a major impact on your company’s revenue because the Army, Navy and other branches of the armed forces can only purchase and deploy systems on the…

The True Cost of FIPS 140-2 Validation

The benefits of getting FIPS 140-2 validation for your product shouldn’t be underestimated. Your FIPS 140-2 validation demonstrates your integrity and commitment to providing your customers with compliant security products and systems. But the validation process can be time consuming, complex and is an investment not to be taken lightly. So, while planning…

The FIPS Standard: Do I Revalidate?

In our recent blog post, we talked about the cost and timing you can expect if you pursue FIPS 140-2 revalidation for your product or system. We also touched on five change scenarios that necessitate revalidation. These scenarios were created by the Cryptographic Module Validation Program (CMVP), the same body that published the FIPS standard, which covers…
