News Archives - Corsec Security, Inc.®

Fed Roundup: July 2022

Jake Nelson — Tue, 02 Aug 2022 13:54:46 +0000

Announcements:

The DISA Fourth Estate Network Optimization program office began migrating the Defense POW/MIA Accounting Agency from its legacy information technology network to the newly modernized IT network, DODNet
Marine Corps Col. Jared C. Voneida takes command of the Defense Information Systems Agency Pacific Regional Field Command
U.S. Army Col. Diane E. Klein takes command of the Defense Information Systems Agency Europe Field Command
Air Force Chief Master Sgt. David P. Klink retires

Updates & Announcements:

Four Post-Quantum Cryptography candidates have been announced for standardization, as well as additional candidates for a fourth round of analysis

Special Publications:

Draft 800-221A, Information and Communications Technology (ICT) Risk Outcomes: Integrating ICT Risk Management Programs with the Enterprise Risk Portfolio
Draft SP 800-221, Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio
Draft SP 800-66r2 (Revision 2), Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide
Draft Project Description, Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps
Internal Report 8235, “Security Guidance for First Responder Mobile and Wearable Devices.”
SP 800-171, -171A, -172, and -172A
SP 800-53 Rev. 5

Updates & Announcements:

Protection Profile Posting:

None

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

Fed Roundup: June 2022

Jake Nelson — Wed, 29 Jun 2022 20:20:56 +0000

Announcements:

Updates & Announcements:

None

Special Publications:

Updates & Announcements:

None

Protection Profile Posting:

None

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

Fed Roundup: May 2022

Jake Nelson — Wed, 01 Jun 2022 17:23:06 +0000

Announcements:

Updates & Announcements:

None

Special Publications:

Updates & Announcements:

NIAP and other schemes have issued a statement in support of the CC content in the Cloud WG and its CC in the Cloud Essential Security Requirements (ESR), v0.3

Protection Profile Posting:

None

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

Fed Roundup: April 2022

Jake Nelson — Tue, 03 May 2022 16:58:27 +0000

Announcements:

Updates & Announcements:

None

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

Fed Roundup: March 2022

Jake Nelson — Thu, 31 Mar 2022 15:12:50 +0000

Announcements:

Updates & Announcements:

None

Special Publications:

Updates & Announcements:

None

Protection Profile Posting:

Virtual Private Network (VPN) Client, Version 2.4 and VPN Gateways, Version 1.2

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

Fed Roundup: February 2022

Jake Nelson — Wed, 02 Mar 2022 15:59:12 +0000

Announcements:

Updates & Announcements:

None

Special Publications:

Updates & Announcements:

None

Protection Profile Posting:

Protection Profile for General Purpose Computing Platforms (GPCP), Version 1.0.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

Fed Roundup: January 2022

Jake Nelson — Tue, 01 Feb 2022 21:07:27 +0000

Announcements:

None

Special Publications & Updates:

Updates & Announcements:

None

Protection Profile Posting:

None

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

Presidential Memorandum on Securing the DoD & Intel Communities

Jake Nelson — Thu, 27 Jan 2022 21:48:22 +0000

On January 19th, 2022, President Biden signed a National Security Memorandum (NSM) to further improve the cybersecurity of the United States. This NSM signifies a renewed focus by the administration to protect National Security Systems (NSS) within the Department of Defense and the Intelligence Community.

Memorandum Overview

The National Security Memorandum (NSM) sets the bar for Department of Defense and Intelligence Community National Security Systems (NSS), extending the requirements set forth within Executive Order 14028 of May 12, 2021 (Improving the Nation’s Cybersecurity) from solely civilian agencies to all Federal Information Systems.

This new directorate stipulates the DoD and Intelligence agencies “shall adopt National Security Systems requirements that are equivalent to or exceed the cybersecurity requirements set forth” in EO 14028.

Noteworthy Actions

Similar to the previous Executive Order, the NSM outlines specific actions that agencies must take to comply with new U.S. requirements as well as steps for reporting compliance and failures, including:

Agencies shall be required to implement multifactor authentication and encryption for NSS data-at-rest and data-in-transit
All agencies shall use NSA‑approved, public standards-based cryptographic protocols to ensure widespread cryptographic interoperability. An agency shall not authorize new systems to operate that do not use approved encryption algorithms and implementations.
Agencies shall identify any instances of encryption not in compliance with NSA-approved Quantum Resistant Algorithms or CNSA, where appropriate in accordance with section 1(b)(iv)(A) and (B) of this memorandum, and shall report to the National Manager:
- systems where non-compliant encryption is being used, to include those operating under an existing waiver or exception.
- a timeline to transition these systems to use compliant encryption, to include quantum resistant encryption; and
- any exception from transition to compliant encryption, pursuant to section 3 of this memorandum, which shall additionally be reviewed by the National Manager and reported quarterly to the Secretary of Defense and the Director of National Intelligence for the systems within their respective jurisdictions.

What It Means for Product Vendors

The U.S. Federal Government has doubled down on ensuring the products it deploys utilize proper security functions, specifically as it applies to encryption. Leveraging previously issued waivers and outdated encryption methods will no longer be acceptable.

To avoid potential loss of contracts as well as removal of previously deployed solutions where cryptography was not approved, a FIPS 140-3 validated solution could be the answer. Discuss your projects, products, and security plans with your engineering team and certification consultants to ensure compliance.

About Corsec Security, Inc.

For two decades Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC) and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.