DISA Cloud Migration
In 2013, the Defense Informations Systems Agency (DISA) developed an on-premise cloud solution for the DoD – milCloud 1.0. DISA continues to operate and manage this solution, but since its inception, cloud based services have …
Security Certifications
All information relevant to Security Certifications
Updates From Around the Globe
Over the past two months Corsec has traveled from Seoul, Korea to Ontario, Canada in order to attend security certification events such as the Common Criteria Users Forum (CCUF), and the International Cryptographic Module Conference (ICMC). The discussions …
Recent NIST Releases
NIST Releases “Best Practices Guide for Personal Identity Verification (PIV)-enabled Privileged Access” In response to the Office of Management and Budget (OMB)’s Cybersecurity Strategy and Implementation Plan, NIST has released their best practices guide for Personal Identity Verification …
Cybersecurity Innovation Forum
Corsec recently attended the Cybersecurity Innovation Summit at George Mason University in Fairfax, VA. This event created a platform for discussions on the recent advancements in cybersecurity and the evolving challenges security experts face. Among those attending, were members of …
DISA Updates Cloud Computing Security
Last week, the Department of Defense (DOD) released an update to the Cloud Computing Security Requirements Guide (CC SRG) through the Chief Information Office and the Defense Information Systems Agency (DISA). This update provides guidance …
Pentagon Increases Spending On Cyber Defense
Defense Secretary Ashton Carter announced that the Pentagon would be spending an additional $900 million in 2017 to enhance cyber defense measures. This comes after last years hack of the Office of Personnel Management (OPM), resulting …
SCAP: New Revision Available
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) has released the fourth revision of their Internal Report covering SCAP Version 1.2 Validation Program Test Requirements. SCAP or the “Security Content Automation Protocol” is …
OpenSSL Patches: Two New Named Attacks
In addition to the new vulnerabilities identified in January of this year, OpenSSL has once again had to release a slew of patches to correct problematic areas, which could ultimately affect your FIPS validation, Common Criteria …
Entropy and RNG – NIST’s Draft SP 800-90B
Last month NIST released a draft publication on sources of Entropy and randomness in protecting sensitive data. The draft Special Publication “SP 800-90B, Recommendation for the Entropy Sources Used for Random Bit Generation”, is intended to …
Corsec at RSA 2016
RSA is on the horizon and everyone is getting excited. Each year product vendors convene to discuss security and how we will protect our digital world. But, with so much going on, it becomes difficult …
Medical Devices & Security Guidelines
As cyber security risks continue to grow, a number of industries are starting to take steps to ensure secured protection of products. Health Care has always been an area of concern given the sensitive nature of …
Targeting the DoD? The Different Paths to Military Sales
With the military’s love of acronyms and the many and varied requirement definitions, understanding how to break into Department of Defense (DoD) sales can be a daunting proposition. How do these DoD and international requirements …
Obama Signs Executive Orders
President Obama created two new executive orders on Tuesday: The first, a Commission on Enhancing National Cybersecurity, dedicated to “enhance cybersecurity awareness and protections at all levels of Government, business, and society, to protect privacy, to ensure public safety …
Corsec Attending AFCEA WEST
Corsec will be in San Diego, CA for the annual AFCEA WEST conference. “The premier naval conference and exposition on the West Coast, WEST is now in its 26th year of bringing military and industry …
High Severity OpenSSL Vulnerability
On January 28th, 2016, OpenSSL released a patch to update a high risk vulnerability. It was discovered and reported that prime “files may not be “safe”. Where an application is using DH configured with parameters …
CMVP Has Begun Archiving!
As previously mentioned, CMVP announced that all FIPS 140-2 validations that use Random Number Generators (RNG), as well as certifications that use both the NIST 800-90A DRBG and RNG will be required to re-validate, otherwise, they will …
Happy Data Privacy Day
On January 28th; the U.S., Canada, and 47 European countries take time to acknowledge the importance of privacy and data protection best practices. Although this day has its roots in protecting personal data, specifically with …
White House Updates
When the Whitehouse issued its new action plan to prevent security breaches and attacks similar to that of the OPM fiasco, part of the plan was to acknowledge a number of cybersecurity gaps; some of which will ultimately impact …
The Next Step in FIPS 140-2 and Cryptography
Changes in Security Certifications: With the extension of the FED budget, companies have begun to plan and develop their 2016 FED sales objectives with an eye on the expanding $70B total addressable market. These companies …
Stringent Common Criteria Validation of Tintri Product Complete
As the demand to process higher amounts of data and at record levels escalates, the need for secured and protected storage solutions is dramatically increasing. Corsec is pleased to announce that Tintri; a leader in …