CMUF Monthly Update: June
The deadline is approaching for vendors that were moved to the Historical List because of their RNG use. July 1 is the last day that a lab can submit a no-cost 3Sub to move a module …
FIPS 140-2
Ixia Products Reach “In Process” for FIPS 140-2
Corsec would like to congratulate our partner, Ixia, which provides testing, visibility, and security solutions to strengthen applications across physical and virtual networks; on being listed on the “In Process” list for two of their FIPS 140-2 validations. Ixia’s products, the VisionONE …
Event Recovery and PIV Updates from NIST
NIST has released draft Special Publication (SP) 800-184, titled “Guide for Cybersecurity Event Recovery” – This draft is open to public comment until July, 11th, 2016 “The purpose of this document is to support federal agencies …
Poor Project Management Could Derail Your Certification Efforts
CMVP has new guidelines which went live last month via the release of Implementation Guidance (G.16). This update will affect product vendors that have not taken proper precautions with project management related to their FIPS 140-2 validations. During …
FIPS 140-2 Sunset Policy Update!
CMVP; the governing body that oversees U.S. FIPS 140-2 validations, has made drastic changes over the past year to policy governing product certification longevity. This week they went one step further and have now updated …
Updates From Around the Globe
Over the past two months Corsec has traveled from Seoul, Korea to Ontario, Canada in order to attend security certification events such as the Common Criteria Users Forum (CCUF), and the International Cryptographic Module Conference (ICMC). The discussions …
Corsec Speakers and Attendance at ICMC
As previously posted, next week in Ottawa, Ontario, Canada, hundreds of global leaders in the commercial encryption community will gather at the fourth annual International Cryptographic Module Conference (ICMC). Corsec’s President John Morris will be joining …
Vocera Completes FIPS Validation
Corsec would like to thank and congratulate our partner Vocera Communications on completing the Federal Information Processing Standard for their Vocera Cryptographic Module v3.0 (#0894). This module has now completed and finalized all the necessary requirements for …
Sonus Completes Another FIPS 140-2 Validation
Corsec would like to thank and congratulate our partner Sonus Networks Inc., on completing the FIPS 140-2 validation process for the Session Border Controller (SBC) 5110/5210. After a year of hard work, the Sonus SBC 5110/5210 …
HPE Adds FIPS 140-2 to BladeSystem Certification List With Corsec Guidance
Corsec would like to congratulate our partner HPE, on successfully completing yet another security certification for the HP BladeSystem, this time on the Onboard Administrator Firmware version 4.40. This is the third certification in recent months …
Corsec Helps HP BladeSystem Complete Another Certification
Corsec would like to congratulate our partner, HP Enterprise on successfully completing the FIPS 140-2 validation process for the HPE BladeSystem c7000 and c3000 Enclosure with OA v4.40 and iLO 4 v2.11. These certifications underscore HPE’s commitment to providing …
Sonus Completes FIPS 140-2 Validation
Corsec would like to thank and congratulate our partner Sonus Networks Inc., on completing the FIPS 140-2 validation process for the Session Border Controller (SBC) 7000. After a year of hard work, the Sonus SBC 7000’s achieved …
EMC Completes FIPS Validation On VNX Product with Corsec Guidance
Corsec would like to thank and congratulate our partner, EMC, on completing yet another security certification. EMC has finished the Federal Information Processing Standard 140-2 (FIPS 140-2) validation of their product, the VNX 6Gb/s SAS …
OpenSSL Patches: Two New Named Attacks
In addition to the new vulnerabilities identified in January of this year, OpenSSL has once again had to release a slew of patches to correct problematic areas, which could ultimately affect your FIPS validation, Common Criteria …
NIST’s Draft PUB on Entropy and RNG
Last month NIST released a draft publication on sources of Entropy and randomness in protecting sensitive data. The draft “Special Publication 800-90B, Recommendation for the Entropy Sources Used for Random Bit Generation”, is intended to help product vendors …
CMVP Has Begun Archiving!
As previously mentioned, CMVP announced that all FIPS 140-2 validations that use Random Number Generators (RNG), as well as certifications that use both the NIST 800-90A DRBG and RNG will be required to re-validate, otherwise, they will …
Cryptography, FIPS 140-2, and Lab Changes – What You Need to Know
Corsec brings highlights from recent events – offering insight into the future of Cryptographic Validations, Lab Reviews, and a potential new Inter-Agency Agreement. Cryptographic Validations, Quo Vadis? and apropos of FIPS 140-2 Cryptographic validations currently do …
FIPS Compliance and OpenSSL
Product vendors often rely on OpenSSL to meet FIPS requirements. With the new CMVP requirements and regulations, vendors using certain versions of the OpenSSL cryptographic library to meet FIPS 140-2 requirements are in jeopardy of being out of …
Corsec Guides McAfee through FIPS 140-2 Level 2 Validation
After a year of collaboration and commitment, Corsec would like to congratulate our partner, McAfee, for completing the Federal Information Processing Standards 140-2 (FIPS 140-2) Level 2 validation of the McAfee Web Gateway WG5000 and …
Corsec Guides HP Smart Array RAID Controllers Through Validation
After a year of collaboration and commitment, Corsec would like to congratulate our partner, HP, for completing the Federal Information Processing Standards 140-2 (FIPS 140-2) validation of their product, the Smart Array Gen9 RAID Controllers. …