In September, Corsec uncovered a policy change that would affect a number of Common Criteria evaluations following this NIAP announcement: “Per published NIST notifications, all non-56B-compliant key transport schemes will be disallowed in the U.S. government after 2017.”
Corsec immediately began to engage with NIAP, our customer base, our network of testing labs, and contacts within various standards certifying bodies, seeking clarification on the announcement (referred to as “Labgram #106” and “Valgram #126”) to determine the impact it would have on our customers and on the industry as a whole.
Corsec recognized that there were inherent issues with the policy, and presented these concerns to NIAP. After weeks of collaboration, NIAP agreed to rescind the Labgram and on October 31, they made the following official announcement: “NIAP has decided that Labgram #106 will be archived and no part of it will be enforced.”
As a result, Transport Layer Security (TLS) cipher suites with RSA key agreement/key transport will continue to be accepted for use within National Security Systems for the foreseeable future (the full text of NIAP’s announcement can be found here). This announcement did provide valuable insight into NIAP’s thoughts regarding the use of TLS in National Security Systems. Corsec believes that NIAP will revisit this issue, potentially after updates to NIST Special Publication 800-56 are completed.
Corsec continuously monitors all industry announcements to ensure that our customers remain informed and advised on all policy and standards changes. If you have concerns about how changes in the industry may affect your existing certification or future certification strategy, please contact Corsec for more information.