Certification Maintenance

Certification Maintenance

Selecting A Maintenance Path

Keep your security certifications up to date and your product market ready. Each security certification has its own unique requirements for maintenance and renewal. Corsec’s engineering team helps you understand the actions needed for each security certification, specific to your product. Helping you stay on track with little to no disruption to your revenue stream.

Through change letters, assurance continuity, and desktop reviews; Corsec allows you to keep your certification valid on the must updated version of your product.  Each certification is different, requiring separate actions for updates.

FIPS 140

A FIPS 140 certification is valid for up to five (5) years on the version of the product that was tested. The FIPS 140 Implementation Guidance (IG) lists several possible change scenarios for re-validations; the changes, if any, made to your module will determine which scenario(s) apply. Corsec can help determine which scenario mostly closely aligns to the latest version of your product.

Common Criteria

A Common Criteria certification is valid for up to five (5) years on the version of the product that was tested. Common Criteria allows version information to be updated through a process called Assurance Continuity (AC).

For minor product changes, a vendor can perform “Assurance Maintenance,” a report that is attached as an addendum to the original product certification, as long as it is within two (2) years of the initial issuance date.

For major changes to the target of evaluation (TOE), evidence needs to be submitted to a laboratory and the product needs to be re-evaluated. The re-evaluation process will result in a new certificate and new listing on the CC Portal.


A DoDIN APL listing is valid for up to three (3) years on the version of the product that was tested. In order to maintain a listing on the DoDIN APL, you must complete a Desktop Review (DR) for each major product version. In such a review, a high-level assessment determines whether the product listing will simply be updated with the new version identifier, whether minimal testing must be performed on the new version prior to receiving an updated listing, or whether the product must undergo a new evaluation in its entirety.

As you release new versions of previously certified and validated products, it is crucial that you develop a security certification maintenance plan to keep up with the evolution of your technology.

Keep Products Market-Ready

Corsec helps ensure that our partners continue to benefit from the efforts they put in initially to get their products certified or validated. Corsec’s Maintenance and Compliance Service helps you determine whether a full re-evaluation is necessary, or if you can pursue other measures to continue generating revenue from your initial certification or validation.

If you have questions on the requirements around your products’ recertification or revalidation, we can help determine the best path forward with little to no disruption of your revenue stream.

Secure Your Product

  • Accelerate sales
  • Increase security
  • Reduce risk
  • Weaken competition
  • Improve branding
  • Provide customer assurance
  • Ensure high dependability
  • Prevent exclusion
  • Expand markets
  • Tailor solutions