Security Certification Maintenance

As you release new versions of previously certified and validated products, it is crucial that you develop a security certification maintenance plan to keep up with the evolution of your technology. Corsec’s Maintenance and Compliance Service helps you determine whether a full re-evaluation is necessary, or if you can pursue other measures to continue generating revenue from your initial certification or validation.

Security Certification Maintenance:

Each security certification has its own unique requirements for maintenance and renewal. Corsec’s engineering team helps you understand the specific actions you will need to take for each of their products and certifications.

FIPS 140-2
The FIPS 140-2 validation process lists five change scenarios that are used to determine if a product requires revalidation, or if documentation alone can address the changes at issue. Corsec will help determine which scenario mostly closely aligns to the latest version of your product.

Common Criteria
Common Criteria determines re-evaluation through a process called Assurance Continuity (AC). If major changes have occurred in the security environment, evidence needs to be submitted to a laboratory and the product needs to be re-evaluated. If minor changes have occurred, a vendor can perform “Assurance Maintenance,” a report that is attached as an addendum to the original product certification, as long as it is within two years of the initial issuance date.

In order to maintain a listing on the DoDIN APL, you must complete a Desktop Review (DR) for each major product version. In such a review, a high-level assessment determines whether the product listing will simply be updated with the new version identifier, whether minimal testing must be performed on the new version prior to receiving an updated listing, or whether the product must undergo a new evaluation in its entirety.

Keep Products Market-Ready

Corsec helps ensure that our partners continue to benefit from the efforts they put in initially to get their products certified or validated. If you have questions on the requirements around your products’ recertification or revalidation, we can help determine the best path forward with little to no disruption of your revenue stream.