Corsec would like to congratulate our partner, Hewlett Packard, Inc., on completing the Federal Information Processing Standard Publication 140-3 (FIPS 140-3) validation process on their HP Poly Cryptographic Module. Completion of the FIPS 140-3 validation process provides reassurance and confirmation to users of the protection of sensitive information within their environment.

To achieve this benchmark, HP partnered with Corsec, completing the validation at a Level 1 as seen in certificate #5011. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

FIPS 140-2 / FIPS 140-3 are a joint effort by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.

FIPS 140 is mandated by law in the U.S. and very strictly enforced in Canada. FIPS 140 has gained worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. A FIPS 140 validation of a product provides end users with a high degree of product security, assurance, and dependability.

The HP Poly Cryptographic Module is an open-source, general-purpose cryptographic library which provides approved cryptographic algorithms to serve BoringSSL and other user-space applications. The module is intended for use in a variety of environments and any general-purpose environment that requires cryptographic primitives.

###

Corsec would like to congratulate our partner Everfox LLC on completing the Common Criteria certification process for their Everfox Data Guard product.  Everfox and Corsec worked together to complete this custom security target EAL4+ Common Criteria evaluation under the Italian Scheme.

For more information on the evaluation and to find additional details on their Security Target (ST), visit the Common Criteria Certified Products List.

Need help meeting Federal and regulated industry security requirements? Schedule time to speak to a Corsec engineer.

About Common Criteria

Common Criteria is an internationally recognized set of guidelines (ISO 15408), which define a common framework for evaluating security features and capabilities of Information Technology security products. The standard consists of several predetermined evaluation assurance levels, each one more stringent than the last. Common Criteria allows vendors to have their products tested against a chosen level by an independent third-party testing laboratory. The Common Criteria Mutual Recognition Agreement (CCRA) is a pact, which was designed to allow all evaluations up to an evaluation assurance level (EAL) 2, to be recognized by all participating countries, regardless of where the evaluation was completed. There are currently 36 countries involved in the CCRA, including the United States and Canada, with others that follow unofficially such as the EU. The U.S. government mandates Common Criteria certification of security products for federal purchases. The National Information Assurance Acquisition Policy, NSTISSP No. 11, requires agencies to purchase only those commercial security products that have met specified third-party assurance requirements and have been tested by an accredited national laboratory.

Everfox Data Guard (referred to as Data Guard) is a software product designed to inspect, validate, and filter network traffic using a flexible rules engine that allows administrators to implement data protection and sharing policies for enterprise data. Data Guard supports large enterprise systems with low administration costs, making it the ideal choice for large scale government deployments that require large volume, automated data transfers.

Data Guard was formerly known as “Forcepoint Data Guard” and the acronym FDG is still used for file names and to describe the CLI.

For more information on Everfox, visit their website.

For more than 28 years, Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD (STIGs, DoDIN APL, UC APL). We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###

Corsec would like to congratulate our partner, Sunhillo Corporation, on completing the Federal Information Processing Standard Publication 140-3 (FIPS 140-3) validation process on their Sunhillo Cryptographic Module.

To achieve this milestone, Sunhillo partnered with Corsec, completing the validation at a Level 1 as seen in certificate #5003. For more information on the validation and to find additional details on the module’s security policy, visit NIST’s validated modules site.

To learn more about engineering your product to meet Federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About FIPS 140

FIPS 140-2 / FIPS 140-3 are a joint effort by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.

FIPS 140 is mandated by law in the U.S. and very strictly enforced in Canada. FIPS 140 has gained worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. A FIPS 140 validation of a product provides end users with a high degree of product security, assurance, and dependability.

For two decades Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###

About FIPS 140

FIPS 140-2 / FIPS 140-3 are a joint effort by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.

FIPS 140 is mandated by law in the U.S. and very strictly enforced in Canada. FIPS 140 has gained worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. A FIPS 140 validation of a product provides end users with a high degree of product security, assurance, and dependability.

Guntermann & Drunck GmbH is a leading KVM manufacturer for control room applications. G&D offers a broad range of KVM products that have been developed over their 35 years of experience with KVMs. G&D is headquartered in Germany with G&D North America headquartered in California.

The G&D Cryptographic Module 1.1.1s.006 is a cryptographic library embedded in the G&D KVM-over-IP application software. The G&D Cryptographic Module 1.1.1s.006 offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data-at-rest/data-in-flight and to support secure communications protocols (including SSH and TLS 1.2/1.3).

Learn more about G&D here.

For over 27 years Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

About FIPS 140

FIPS 140-2 / FIPS 140-3 are a joint effort by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.

FIPS 140 is mandated by law in the U.S. and very strictly enforced in Canada. FIPS 140 has gained worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. A FIPS 140 validation of a product provides end users with a high degree of product security, assurance, and dependability.

Skydio, Inc. is America’s leading drone manufacturer and manufacture multiple drone models and drone docks.

The Skydio Cryptographic Module 2.0 is a cryptographic library embedded in the Skydio X10, X10D, Skydio Dock and Skydio Controller. The Skydio Cryptographic Module 2.0 offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data-at-rest/data-in-flight and to support secure communications protocols (including SSH and TLS 1.2/1.3).

Learn more about Skydio here.

For two decades Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

About FIPS 140

FIPS 140-2 / FIPS 140-3 are a joint effort by the National Institute of Standards and Technology (NIST) in the United States and the Communications Security Establishment Canada (CSEC), under the Canadian government. The Cryptographic Module Validation Program (CMVP), headed by NIST, provides module and algorithm testing for FIPS 140, which applies to Federal agencies using validated cryptographic modules to protect sensitive government data in computer and telecommunication systems. FIPS 140 provides stringent third-party assurance of security claims on any product containing cryptography that may be purchased by a government agency.

FIPS 140 is mandated by law in the U.S. and very strictly enforced in Canada. FIPS 140 has gained worldwide recognition as an important benchmark for third party validations of encryption products of all kinds. A FIPS 140 validation of a product provides end users with a high degree of product security, assurance, and dependability.

Signify North America Corporation is a world leader in lighting for professionals, consumers, and lighting of the Internet of Things.

The Signify Trulifi Cryptographic Module 1.0 is a cryptographic library embedded in the Signify Trulifi Access Points from 6004.01 and later. The Signify Trulifi Cryptographic Module 1.0 offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data-at-rest/data-in-flight and to support secure communications protocols (including SSH and TLS 1.2/1.3).

Learn more about Signify here.

For over 27 years Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

Corsec would like to congratulate our partner, SolarWinds Inc., on completing the DoDIN APL process for their platform.  To achieve this milestone, SolarWinds partnered with Corsec, both teams working to harden the product against security requirements for STIG testing, CAC compliance, and IPv6.

The platform is listed under Tracking Number (TN) 2334801 as a Element Management System (EMS).  Both Interoperability (IO) certification and Cybersecurity (CS) testing were completed at a DISA Test Center of Excellence (TCOE).

For more on the listing process, visit the DISA Approved Products List and for more information on engineering your product to meet federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About The DoDIN APL

The DoDIN APL represents the agency’s master list of secure, trusted, and approved technology infrastructure products. The DoDIN APL was developed in an effort to maintain a single consolidated list of products that have completed Interoperability (IO) and Information Assurance (IA) / Cybersecurity (CS) certification. Getting a product included on this coveted list involves a rigorous 39-step process overseen by the Approved Products Certification Office (APCO). This laborious and often confusing process involves the submission of a series of properly completed forms and product documentation, attainment of prerequisite validations, and adherence to strict scheduling guidelines and interdependencies.

SolarWinds was founded by IT professionals solving complex problems in the simplest way, and have carried that spirit forward since 1999. Their digital agility solutions are built to help companies of any size accelerate business transformation today and into the future.

For over 26 years Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###