Events Archives - Corsec Security, Inc.®

Corsec to Attend the 7th International Conference on the EU Cybersecurity and Resilience Acts

Jake Nelson — Tue, 10 Mar 2026 15:03:32 +0000

As the European Union continues to reshape its cybersecurity regulatory landscape, product vendors face a growing need for clarity, alignment, and practical guidance. Corsec is pleased to announce our attendance at the 7th International Conference on the EU Cyber Security and Resilience Acts, taking place March 24–26 in Brussels.

This year’s conference comes at a critical moment, as implementation of the Cyber Resilience Act (CRA) accelerates and the EU Common Criteria Scheme (EUCC) continues to evolve. Corsec will be on site to engage with regulators, certification bodies, industry peers, and product manufacturers to deepen our understanding—and to help translate regulatory intent into actionable security and compliance strategies.

Representing Corsec in Brussels

Corsec will be represented by Dayanandini Pathmanathan, Corsec’s Senior Program Manager for Common Criteria. With more than seven years of experience guiding Common Criteria certifications—and hands‑on involvement in FIPS 140 certification efforts—Dayanandini brings deep expertise at the intersection of product security engineering, certification schemes, and regulatory compliance. She holds a degree in Electrical Engineering and works closely with vendors navigating complex, multi‑jurisdictional requirements.

Why This Conference Matters to Product Vendors

The EU Cybersecurity Act Conference is not just about policy—it is about operational reality. For manufacturers selling into the European market, the CRA introduces new expectations around secure‑by‑design development, vulnerability handling, post‑market responsibilities, and supply‑chain accountability. At the same time, EUCC is redefining how Common Criteria evaluations are performed and recognized across Europe.

Corsec’s focus at the conference is to:

Gain deeper insight into how CRA requirements are being interpreted and operationalized
Understand how EUCC and CRA conformity assessments intersect
Collaborate with stakeholders to identify practical, scalable approaches for vendors of complex products
Bring clarity back to customers navigating overlapping standards, schemes, and enforcement timelines

Key Tracks & Sessions Corsec Will Be Following

Throughout the conference, Corsec will be actively engaging across several tracks that are particularly relevant to manufacturers:

The EU Cybersecurity Agenda 2025–2029: What It Means for Industry
This track provides a strategic view of the Commission’s priorities for the next legislative cycle, including CRA implementation, NIS 2 enforcement, and the future direction of certification schemes. For vendors, these discussions shape long‑term product and compliance planning.
From Regulation to Reality: How the EC Is Supporting CRA Implementation Across Europe
Sessions focused on how the European Commission is supporting harmonized CRA adoption offer insight into what “compliance” will look like in practice—and where flexibility or risk remains for manufacturers preparing today.
Certification in Practice: From EUCC to CRA Conformity
These discussions explore how EUCC, EUCS, and other schemes relate to CRA obligations. Understanding this mapping is essential for vendors deciding where certification adds value versus where it introduces unnecessary cost or duplication.
Designing for Lifecycle Security and Post‑Market Responsibility
CRA Articles addressing vulnerability reporting, patch delivery, and supply‑chain assurance are a major shift for many organizations. This track highlights what continuous compliance means beyond initial market entry.
Panel Discussion: AI Act Cybersecurity—Real-World Risks, Requirements, and What Comes Next
“The EU’s AI Act introduces sweeping new cybersecurity expectations—along with plenty of uncertainty. In this panel discussion, experts will break down how the rules reshape AI deployment, what “compliance” actually requires in practice, and where the biggest technical and organizational challenges lie. Panelists will provide a clear view of the security measures regulators expect, how to implement them without blowing up existing workflows, and what these obligations mean for your company’s risk landscape.”
The Cost of Compliance: New Realities for Testing, Assessment, and Post-Market Obligations
As assessment, testing, and post‑market obligations expand, vendors must budget realistically for long‑term compliance. This track addresses the emerging cost structures and tradeoffs organizations will face.
What Market Surveillance Authorities Expect from Manufacturers under the CRA
“What manufacturers need to provide under the CRA, information and supporting evidence to enable verification of compliance and assurance of requirements.”
Too Much Already, Supply Chain Security? A Sensible Approach to Rating True Potential Vulnerabilities Is Needed
“Threat modeling and product-context analysis to cut through the ~140 daily EUVD CVE filings and distinguish real, exploitable vulnerabilities from inflated worst-case assessments.”
Vulnerability Management in Consumer IoT: Why No IoT Manufacturer Is Ready for CRA Vulnerability Management (And How to Fix It)
With increasing scrutiny from Market Surveillance Authorities, manufacturers must be prepared to demonstrate not only secure design, but effective vulnerability monitoring, reporting, and remediation over time.
Panel Discussion: Navigating Fragmented Global Cyber Regulations
With overlapping global frameworks—from CRA and EUCC to international standards—this panel addresses whether meaningful harmonization is achievable and what manufacturers can do in the meantime.

Corsec’s Approach: Learn, Collaborate, Guide

Corsec’s participation reflects our commitment to learning directly from regulators and peers, collaborating across the ecosystem, and using those insights to guide product vendors with clear, experience‑based recommendations. Our goal is not just compliance—but helping vendors build security programs that are defensible, sustainable, and aligned with real regulatory expectations.

Looking Ahead

This conference is an important step in an ongoing conversation. Following the event, Corsec will share insights and observations on what manufacturers should be paying attention to as CRA enforcement approaches and EUCC continues to mature.

If you are preparing for CRA, evaluating EUCC certification paths, or reassessing your vulnerability management and post‑market strategies, we encourage you to connect with Corsec to discuss how these developments may impact your products and roadmap.

Stay tuned for post‑conference insights from Brussels.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

The post Corsec to Attend the 7th International Conference on the EU Cybersecurity and Resilience Acts appeared first on Corsec Security, Inc.®.

Corsec at Modern Day Marine 2016

Jake Nelson — Fri, 23 Sep 2016 19:10:39 +0000

Next week Corsec will be joining thousands of government leaders, industry partners, and members of academia at Modern Day Marine in Quantico, VA to discuss the future of technology within the DoD.

Companies looking to meet the security requirements of the Marine Corp and sell their solution within the Department of Defense (DoD) will need to evaluate their product for high levels of security. In 2011, the DoD created their Department of Defense’s Information Network Approved Products List (DoDIN APL) to identify solutions that were trusted to address government security concerns. The DoDIN APL represents the agency’s master list of products available for purchase that are secure, trusted and approved for deployment within the technology infrastructure. Only those companies and products listed are available to the Marine Corp for purchase.

Come join Corsec and discuss how you can get listed on the DoDIN APL and sell into the U.S. military. Schedule your time slot today.

More About the Conference:

“Modern Day Marine is co-sponsored by Marine Corps Base, Quantico, the Exposition’s home base. MCB Quantico, home to the Combat Development Command and the Marine Corps Systems Command, is responsible for setting requirements, developing equipment and systems and purchasing the equipment and systems that the Marine Corps will rely on in the years to come. These vital and unique functions play a large part in positioning Modern Day Marine as the premier military equipment, systems, services and technology exposition.”

The post Corsec at Modern Day Marine 2016 appeared first on Corsec Security, Inc.®.

Corsec Discusses Product Security At BlackHat

Jake Nelson — Thu, 28 Jul 2016 17:01:01 +0000

BlackHat USA is on the horizon and product security enhancement is a huge focal point this year. Modern-day cryptography provides a level of security that was previously unimagined, but how do we ensure that the precautionary steps we are taking are sufficient to protect our products from prevailing attacks and hackers?

Evaluate Your Crypto and Protect Your Investments:

Security certifications like FIPS 140-2, Common Criteria and listing on the DoD’s UC APL utilize new mathematical theories and industry-driven computer science practices that safeguard our products and meet the stringent government requirements mandated for product hardening and security by our customers.

In the last year we have seen three new major vulnerabilities, all exploiting weak cryptography. Enhancing the security of your product helps ensure market credibility, future business, and customer confidence.

Learn More About Recent Attacks

Eliminate Competition, Increase Revenue, Improve Customer Confidence, and Secure Your Bottom Line:

Corsec has been helping organizations of all sizes achieve security certification and validation for nearly two decades. With the largest team of engineering experts, and over 425 certifications, Corsec leads the market in security certification validations.

A successful FED strategy starts with understanding the landscape, requirements, and development of a comprehensive security solution that adheres to third party guidelines.

The post Corsec Discusses Product Security At BlackHat appeared first on Corsec Security, Inc.®.

Updates From Around the Globe

Jake Nelson — Tue, 24 May 2016 14:47:38 +0000

Over the past two months Corsec has traveled from Seoul, Korea to Ontario, Canada in order to attend security certification events such as the Common Criteria Users Forum (CCUF), and the International Cryptographic Module Conference (ICMC). The discussions held as these events have given Corsec insight on changes that are coming to certification requirements, updates on the strategic outlook and vision of the governing bodies that oversee the certifications, as well as general industry news and announcements.

Corsec now brings you a snapshot of the most important takeaways from each event:

Common Criteria Users Forum (CCUF) – Seoul, Korea

The National Information Assurance Partnership (NIAP), which governs Common Criteria in the United States, is trying to find ways to increase testing automation in order to reduce time and costs.
Both the Common Criteria Users Forum and the Common Criteria Development Board (CCDB) have developed working groups focused on international cryptography. There is a new Deterministic Random Bit Generator (DRBG) subgroup in the CCUF Working Group.
The CCUF Working Group has been discussing what they feel the DRBG information requirements should include. Thus far, the focus has been on DRBG architecture, strength of entropy generated (using published analysis tools), whiting techniques used, how and where entropy is stored, how is entropy pushed to Random Number Generators (RNG), how does reseeding work, and is the entropy source immediately ready or does it need operating time to ensure the pool is random?
The CCUF Working Group felt that a good entropy solution should have multiple entropy sources that blend together, while making sure that one source does not provide the majority of the entropy. This could affect future entropy claims and documentation in the future.
The CCDB is working on a Common Criteria Recognition Arrangement (CCRA) wide policy of sunsetting certifications after 5 years.
A group has been formed to focus on better understanding how the Common Criteria evaluation framework could apply to other bodies and industries such as Automotive, IoT, Financial, Medical, and new nation states.
The Management Group presented a summary of the CCUF Strategic Plan as well as the Proposal for Incorporation.

International Cryptographic Module Conference (ICMC) – Ontario, Canada

This years conference saw a 25% growth in attendance despite holding one almost six months rather than one year after the last.
This larger attendee list included 23 labs and their staff, government officials, industry experts, and vendors.
NIST and NIAP presented an update on their collaboration efforts. NIST and NIAP have a reinvigorated relationship and are working to eliminate duplicative testing requirements, thus Common Criteria will accept FIPS testing from the Cryptographic Module Validation Program (CMVP) and are working towards allowing the reverse. They are also working on remapping Common Criteria and FIPS 140-2 profiles against NIAP-accepted protection profiles.
NIST, who governs FIPS in the United States, says they are working on FIPS 140-3 wrappers to point to ISO/IEC 19790 and ISO/IEC 24759.
NIST is working on a license with ANSI to post the standards without fee during the open comment period. They intend to pursue the use and adoption of these international standards wherever possible. They hope to announce the schedule for this by December of this year.
The Communications Security Establishment (CSE), who oversees Common Criteria in Canada announced a new Medium Assurance program to protect SECRET data in Canada. Similar in goals to the CSfC program in the United States, it will leverage commercial solutions and require FIPS 140-2 and Common Criteria. They will publish Medium Assurance solutions that can meet government needs without needing a Type 1 product.
The CMVP will move forward with a policy to sunset all certificates that are older than 5 years starting February 2017. The date of the last validation activity will be used to measure the 5 years. Vendors should be motivated to seek a simple FIPS re-certification (1SUB) if they can and their certificate will be valid for another 5 years.
The CMVP is officially tracking demerit points for each CMVP lab. Labs are given demerit points when they submit a final test report that is not up to the CMVP expectations. The program has been officially under way since October 2015 and several labs have demerit points at this point. When a lab reaches a threshold of points the lab must cease ALL evaluation work until a lab reaccreditation can be performed.

For additional information on either conference or to set up some time to talk to our experts, Contact Us.

To stay up to date on all conference events, industry news, and general security certification information, follow us on Twitter, LinkedIn, Facebook, and Google+.

The post Updates From Around the Globe appeared first on Corsec Security, Inc.®.

Cybersecurity Innovation Forum

Jake Nelson — Mon, 16 May 2016 18:34:58 +0000

Corsec recently attended the Cybersecurity Innovation Summit at George Mason University in Fairfax, VA. This event created a platform for discussions on the recent advancements in cybersecurity and the evolving challenges security experts face. Among those attending, were members of Academia, Industry and the Federal Government.

Corsec’s CEO, Mathew Appler, attended the summit and has commented on the importance of the school systems and the local community as a whole investing in young adults as they further their studies in cybersecurity.

Corsec continues to work with local schools and universities, promoting education for the security field. To learn more about Corsec’s programs and positions open to current students, visit our team openings page.

To learn more about the summit or about other security related events visit here.

The post Cybersecurity Innovation Forum appeared first on Corsec Security, Inc.®.

Corsec Speakers and Attendance at ICMC

Jake Nelson — Fri, 13 May 2016 16:50:52 +0000

As previously posted, next week in Ottawa, Ontario, Canada, hundreds of global leaders in the commercial encryption community will gather at the fourth annual International Cryptographic Module Conference (ICMC).

Corsec’s President John Morris will be joining the list of Corsec employees speaking this year. John will be taking an in-depth look at the economic costs and rewards of pursuing federal certifications. Additionally, John will be on the panel discussing the value of certifications in industries around the globe. He is joined by his industry colleagues; Steve Weingart, Manager of Public Sector Certifications, Aruba, an HP Enterprise Company; Jon Green, CTO, Aruba Government Solutions, Aruba, a Hewlett Packard Enterprise company; and Shawn Wells, Chief Security Strategist, Public Sector, Red Hat. This group will focus on what it will take for FIPS 140-2, ISO/IEC 19790, and Common Criteria to be a best practices or requirements in health care, automotive, financial, IoT and other industries.

In addition to John, Corsec’s Vice President Matt Keller will be giving an update on the CMUF, and leading a discussion on the future of security.

ICMC is always a great event for coordination of the international standardization of FIPS 140-2 and Common Criteria. There are six leading tracks to be developed:

Advanced Technology Track
Certification Programs
General Technology
User Experience Track
Industry Vertical/Embedded Crypto Track
Common Criteria and Crypto Track

Stay up to date with Corsec as we help to shape the future of validations. You can also follow us on twitter @CorsecSecurity to get live updates from the conference.

The post Corsec Speakers and Attendance at ICMC appeared first on Corsec Security, Inc.®.

Corsec’s Matt Keller Attending 2016 ICMC

Jake Nelson — Tue, 26 Apr 2016 11:57:15 +0000

Next month in Ottawa, Ontario, Canada, hundreds of global leaders in the commercial encryption community will gather at the fourth annual International Cryptographic Module Conference (ICMC). Corsec’s Matt Keller, who also serves as CMUF Management Representative, will be presenting and recently was quoted in a release by the ICMC.

“ICMC, presented by the Cryptographic Module User Forum, was established as a forum on encryption standards set by the National Institute of Standards and Technology (NIST), the Communications Security Establishment (CSE) of Canada, the National Information Assurance Partnership (NIAP) managed by the NSA, and other international bodies. These organizations, amongst others, will make presentations at the conference regarding new standards, validation efforts, and perceived threats.

Moving beyond encryption standards, this year’s conference has added sessions on cryptography for mobile applications, connected vehicles, and the expanding internet of things. “Encryption is the foundation of most data security,” said CMUF management representative Matt Keller, “so the conference brings together technology leaders in sectors like semiconductors, telecom, automotive, and electronics OEM. This new content is a natural evolution for the conference.”

Development of the conference agenda is ongoing. “The industry is constantly changing, and we want to make sure content is up-to-the-minute,” said ICMC project director Bill Rutledge. Recently added sessions will cover Enhanced Data Protection on Apple iOS 9 devices leveraging the Secure Enclave Processor, and new hardware security features on Android devices using ARM TrustZone technology. Other announcements are forthcoming. Complete information about ICMC can be found at sitdev.icmconference.org”

Stay connected to Corsec as Matt attends the conference, and stayed tuned to updates on our twitter page.

The post Corsec’s Matt Keller Attending 2016 ICMC appeared first on Corsec Security, Inc.®.

Corsec at RSA 2016

Jake Nelson — Mon, 22 Feb 2016 20:45:09 +0000

RSA is on the horizon and everyone is getting excited. Each year product vendors convene to discuss security and how we will protect our digital world. But, with so much going on, it becomes difficult to prioritize between developing our pipelines, closing deals, and learning about new innovations to protect and enhance our products.

Schedule time now to talk to Corsec about how Product Hardening through security certifications can eliminate competition, increase revenue, improve customer confidence and open new markets.

Protect Your Brand, Protect Your Product, Protect Your Bottom Line

Corsec has been helping organizations of all sizes achieve security certification and validation for nearly two decades. With the largest team of independent engineering experts, Corsec has worked on over 425 certifications, leading the market in security certification validations.

Calendars are filling up, but it’s not too late to set up a time to talk. Contact us now to better understand how we can help your company with security hardening.

The post Corsec at RSA 2016 appeared first on Corsec Security, Inc.®.

Corsec Attending AFCEA WEST

Jake Nelson — Tue, 09 Feb 2016 14:39:52 +0000

Corsec will be in San Diego, CA for the annual AFCEA WEST conference. “The premier naval conference and exposition on the West Coast, WEST is now in its 26th year of bringing military and industry leaders together. Co-sponsored by AFCEA International and the U.S. Naval Institute, WEST is the foremost event in which the makers of platforms and the designers of technologies can network, discuss and demonstrate their solutions in a single locale.”

WEST provides a stage to discuss the threats that face the warfighter as well as a forum to learn more about the most pressing issues surrounding IT security and security certifications. With speakers, including leadership from the Navy, Marines and more, product vendors will have an amble opportunity to engage directly with their customers. In order to sell into these lucrative DoD markets, listing on the DoDIN APL is mandatory. If you are attending the show, come talk to us and learn how to quickly get listed, just like our recent partners, who were able to do so in record breaking time!

If you are not able to make the show, Contact Us to get updates and receive your monthly report on certification news and changes.

The post Corsec Attending AFCEA WEST appeared first on Corsec Security, Inc.®.

Happy Data Privacy Day

Jake Nelson — Thu, 28 Jan 2016 19:33:50 +0000

On January 28th; the U.S., Canada, and 47 European countries take time to acknowledge the importance of privacy and data protection best practices.

Although this day has its roots in protecting personal data, specifically with attention to social networking, the Internet of Things (IoT) and interconnectivity of our lives has created a new world of vulnerabilities. Businesses and individuals are faced with mounting threats and the implementation of sound and trusted security processes is paramount.

Soon, all of our cars, homes, and wearables will be linked (if they aren’t already); sharing and granting access to our sensitive data. Yet, most of the time, we don’t think about how these devices work and how the information is protected. By institutionalizing third party validations and security certifications, we can guarantee this information is protected from those with malicious intent.

Already certain industries have begun to use security certifications such as Common Criteria in order to provide device security hardening. Common Criteria is an internationally recognized set of guidelines for information technology security products. It provides assurance to buyers that the process of specification, implementation and evaluation for any certified computer security product was conducted in a thorough and standard manner.

After two individuals proved that hacking a connected car was not merely feasible, but entirely practicable, industry began to react. Fields like the connected car and IoT have begun to adopt certifications to prevent security breaches that could put our personal data at risk, or even worse, our personal safety.

As technology advances, we have the opportunity to create a world where life is easier and we open lines of communication that were once unfathomable. As this happens, we all need to be more aware and proactive to ensure we are working together to secure our digital world.

The post Happy Data Privacy Day appeared first on Corsec Security, Inc.®.