Corsec helps companies complete security certifications and validations like FIPS 140-3, Common Criteria, CSfC, & the DoDIN APL / UC APL.
Everyday we rely on technology to ensure continuation of our routine day to day activities. Access to clean drinkable water, open roadways free of congestion and chaos, power to brighten our homes and businesses, and oil …
Implementing a FIPS 140-2 validation into your product is a great way to strengthen your solution, enhance your brand, and secure your bottom line. When pursuing FIPS, you will be faced with difficult and often confusing …
Taking the time, effort and resources to achieve FIPS or Common Criteria certification or UC APL listing is a big deal. It’s not an insignificant investment, and when it’s finally completed, you want to see a significant return, right? The most obvious solution is just to sell more product. And while this may seem both simple and obvious, we all know…
The benefits of getting FIPS 140-2 validation for your product shouldn’t be underestimated. Your FIPS 140-2 validation demonstrates your integrity and commitment to providing your customers with compliant security products and systems. But the validation process can be time consuming, complex and is an investment not to be taken lightly. So, while planning…
In the IT security industry, research and development teams continually race to introduce new products, while at the same time, project teams improve upon existing offerings—all scrambling to ensure that the latest versions meet security functional and assurance requirements. The goal is to bring the strongest and most secure…
Budgeting for a Common Criteria Certification can be difficult, but it’s not impossible. Understanding how to create your certification budget, and taking the necessary steps to follow through with that budget, can reduce your costs and simplify the certification process. We are frequently asked, “How much does certification cost…
Where is the most money lost in a validation? I know this is a question my customers ask themselves while making a decision on how to achieve validation. A) Is it the consultant? B) Is it in the testing laboratory? C) Is it the scope of the process? I’ll let you in on an insider secret—the correct answer is “none of the above.” You won’t lose big in validations, or in any direct expense…
For most security validations, the validation applies to a specific version of hardware and software. At the beginning of your evaluation you must choose which versions of your product you are taking through the validation process.
Your certification or validation was a significant investment of both time and money for your company. While a certification or validation can be a substantial revenue generator for your company, it will only be so if it keeps up with any changes added to your product. Over time your product will undoubtedly be enhanced, whether by new features or by bug fixes. Given the care and effort you have invested in your product development strategy, it is critical to also have a product revalidation strategy in order to maintain a validation or certification on your currently available products.