Corsec Resources
All the information and materials you need to evaluate certifications
Industry knowledge and intelligence are the backbone of confident and reliable corporate decision-making. Gaining access to industry analysis, trends, and metrics can help position you above competitors in a product-saturated market.
Corsec utilizes its extensive staff and market leadership positions to acquire information and keep you abreast of industry updates. Corsec has developed a robust library of security certification resources and educational materials to drive sound corporate decision-making around product hardening and security strategy.
Corsec combines two decades of security certification experience and expertise to provide you with engaging information to educate and train your employees on critical aspects of security certifications and validations. Corsec provides information to equip your internal staff as they make powerful decisions about the future of your brand and products.
CERTIFICATION MYTHS:
DoDIN APL Myths
Uncover common myths about the DoDIN APL and how to avoid costly mistakes.
FIPS 140-2 Myths
Uncover common myths about NIST’s FIPS 140-2 and how to avoid costly mistakes.
Common Criteria Myths
Uncover common myths about Common Criteria and how to avoid costly mistakes.
CERTIFICATION OVERVIEWS:
DoDIN APL Overview
A one-page overview of the DoDIN APL program, requirements, and process.
FIPS 140-2 Overview
A one-page overview of the FIPS 140-2 program, requirements, and process.
Common Criteria Overview
A one-page overview of the Common Criteria program, requirements, and process.
CORSEC OVERVIEWS:
Corsec Line Card
An overview of Corsec, our background, and the hundreds of clients we serve.
Corsec Assessment
An overview of Corsec’s Assessment, including overviews, ROI, and outputs.
WHITEPAPERS:
FIPS Validation vs FIPS Inside
An overview of FIPS 140-2 validation vs FIPS Compliant vs FIPS Inside.
Your Human Capital Investment
Understand the total costs of undergoing certifications, including internal resource constraints.
How IT is Changing Government in the 21st Century
An in-depth look at technology trends and security threats that have changed the FED landscape.
VIDEOS:
Corsec - Uniquely Us
An overview of our services, clients, and unique selling propositions.
Certs In 90 Seconds
Corsec explains how certs can help your organization in 90 seconds.
FAQ:
How Do I Get Certified?
There are three stakeholders in every security certification project.
1: The Product Vendor
Most products require changes to meet security certification requirements; some product manufacturers are able to integrate the design and documentation needed in order to meet those requirements into a regular product release cycle. The amount of time to properly design and document a product varies greatly, depending upon the nature of the changes required and the maturity level of the product being evaluated.
2: Accredited Laboratory
After a product has completed design review and meets the certification requirements, it is delivered to a testing laboratory along with all required documentation. The amount of time that laboratory testing of an individual product takes directly correlates with how well the product was designed and documented. Corsec recommends ensuring your product meets all requirements prior to entering the testing phase.
3: Scheme/Government
Once the laboratory completes its testing of a product, a report is submitted to the certifying Scheme or Government for review. If questions or problems with the product are discovered during the review, the Scheme will ask for clarification and sometimes require further testing/documentation. Ensuring all requirements are met prior to entering Scheme review is essential to completing the process in a timely manner.
How Long Will This Take?
A typical security certification effort will take anywhere from twelve months to years from start to finish if not done properly. The time it takes to complete the process will depend heavily on certain factors: Product Changes, Certification Options, Customer Requirements, Internal Resources, Partners, etc.
Design and Documentation:
Assuming ideal circumstances, Corsec recommends planning for approximately four to six months for this effort.
Lab Testing:
If everything has been written correctly, you can move through testing in two to three months. There is no maximum time it can take for a product to successfully complete testing.
Scheme & Government Review:
Every government is different; choosing the right path for your product could make or break your certification. Review times will vary, ranging from anywhere between two weeks and four months.
How Much Does This Cost?
Costs vary greatly, depending upon the complexity of the product and the level of certification sought. Additionally, poor planning and failure to properly execute a plan have resulted in some staggering sums being spent on certification efforts.
Calculating how much a certification will cost is one of the most important activities when planning an evaluation effort.