Cloud-based Archives - Corsec Security, Inc.® https://www.corsec.com/tag/cloud-based/ Corsec helps companies complete security certifications and validations like FIPS 140-3, Common Criteria, CSfC, & the DoDIN APL / UC APL. Wed, 26 Feb 2025 16:24:33 +0000 en-GB hourly 1 https://www.corsec.com/wp-content/uploads/cropped-Corsec-Logo-SiteMap-32x32.png Cloud-based Archives - Corsec Security, Inc.® https://www.corsec.com/tag/cloud-based/ 32 32 Common Criteria Evaluations for Cloud-Based SaaS Products https://www.corsec.com/cc-cloud-based-saas/ Wed, 26 Feb 2025 16:23:35 +0000 https://www.corsec.com/?p=21135 The post Common Criteria Evaluations for Cloud-Based SaaS Products appeared first on Corsec Security, Inc.®.

]]>

New Policy for Cloud-based SaaS Solutions

The National Information Assurance Partnership (NIAP), the government agency that oversees Common Criteria evaluations in the U.S., has announced a new policy allowing evaluations of cloud-based SaaS products.

The new policy outlines the requirements for evaluation submissions claiming conformance against protection profiles that are able to be used with applications in the cloud. These requirements fall into the following areas:

  • Assurance and Evaluation Activities
  • Suitability Review
  • Remote Testing
  • Mutual Authentication
  • Federal Risk and Authorization Management Program (FedRAMP)
  • Platform Functionality
  • Evaluated Configuration
  • Public Vulnerability Search

The announcement is significant as it reflects NIAP’s dedication to updating requirements of evolving and emerging technologies.

For help with a Cloud-Based SaaS product evaluation or any other certification, contact Corsec directly!

What is Common Criteria?

Common Criteria is an international cybersecurity standard recognized by 33 countries, or schemes. 18 of these schemes participate as certificate authorizing entities). While Common Criteria offers a common framework for evaluating products, each national certifying scheme was allowed to establish their own rules for doing so. Over the years certain nations have made more large scale changes to the framework. While these changes initially create turmoil, the Common Criteria community works to integrate the changes in the overall framework. We see this with NIAP in the U.S. when they moved to certifying only Protection Profile based certifications.

We are now seeing it again, as the EU, and specifically ENISA, have created the EUCC.

###

About Corsec Security, Inc.

For two decades Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

LinkedIn     Twitter    Facebook

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post Common Criteria Evaluations for Cloud-Based SaaS Products appeared first on Corsec Security, Inc.®.

]]>