Certification Updates

Updates by the Government and Industry about Security Certifications

niap

NIAP’s Targeted Assurance Protection Profiles: Different, Not Less Secure

One way for a product vendor to make sure that a product undergoing a Common Criteria (CC) evaluation is providing expected security functionality is to conform to a Protection Profile (PP) for that product type. PPs outline the appropriate security functionality for a given product type, and are usually…

CC-Certification-Common-Criteria-Certification

More from the ICCC: Update on CNSSP #11 and Common Criteria

In my last post, I brought everyone up to speed on some happenings from the recent ICCC Conference in Orlando, including the revised Common Criteria Recognition Arrangement (CCRA) and its implications. There was a great deal of other discussion on various topics of interest, including the subject of collaboration…

blank

U.S. Government Shutdown Impacts FIPS Validations

As you know, the U.S. federal government officially shut down many of its operations. This shutdown directly affects NIST and, as a result, impacts its FIPS validation activities. We are sending you this e-mail to let you know what resources Corsec has available and how this situation will impact your validation efforts.

CC-Certification-Common-Criteria-Certification

Updates from ICCC Include CCRA Revisions

Some of us from Corsec recently attended the 14th International Common Criteria Conference (ICCC) in Orlando, Florida, and we came away feeling that the Common Criteria (CC) community is finally coming together in many positive ways. After several years of difficult transition into defining the new CC paradigm of collaborative Protection Profiles (cPPs) and international Technical Communities (iTCs),…

CC-Certification-Common-Criteria-Certification

Updates from the Joint CCDB/CCUF Workshop

It’s always great to get together with others from our industry to discuss advances and collaborate on moving processes forward for Common Criteria. Last month, several of us had the opportunity to work with colleagues from around the world at two separate events in Orlando, Florida. A group of us spent the first two weeks of September in Orlando, as Corsec sent multiple…

FIPS 140-2, FIPS 140-2 validation, FIPS Validation, FIPS 140-2 process, FIPS Inside, FIPS Compliant

New FIPS 140-2 IG Update Released: What You Need to Know

In our recent post we talked about the recent changes to Common Criteria, FIPS, and UC APL, and the importance of putting these changes in context for your business. Today we have another change to tell you about. On July 25, CMVP issued an update to the FIPS 140-2 Implementation Guidance(IG). No matter where your module is in the…

FIPS 140, CSfC, Common Criteria, UC APL

But the Rules are Changing!

According to the ancient Greek philosopher Heraclitus, “There is nothing permanent except change.” As anyone following security certifications lately can tell you, there is a lot of truth in this statement. We have entered another …

Read more

blank

Budgeting for Certifications: Avoid Cost Creep

Budgeting for a Common Criteria Certification can be difficult, but it’s not impossible. Understanding how to create your certification budget, and taking the necessary steps to follow through with that budget, can reduce your costs and simplify the certification process. We are frequently asked, “How much does certification cost…

FIPS 140-2, FIPS 140-2 validation, FIPS Validation, FIPS 140-2 process, FIPS Inside, FIPS Compliant

What You Need to Know about FIPS 140-2, OpenSSL, and the new IG Requirement

You may have heard about the new interpretation of the mandatory requirement in Section 9.5 of the Implementation Guidance (IG) document, a key component of FIPS 140-2 documentation issued by the Cryptographic Module Validation Program (CMVP). This interpretation is causing conflicts with the architecture of the OpenSSL validations and how OpenSSL’s validation applies to customers using their software.

Read more