Updates by the Government and Industry about Security Certifications
Common Criteria, the internationally recognized set of guidelines (ISO 15408), which define a common framework for evaluating security features and capabilities of Information Technology security products, has been updated to CC v3.1 Release 5. This new release …
DISA’s March News DISA holds Systems Engineering, Technology, and Innovation Pre-Proposal Conference for insights on new Engineering Contract Vehicle Training offered for individuals trying to re-certify, re-accredit, or establish connectivity to the Defense Security Information Security Network …
During the recent Cryptographic Module User Forum (CMUF) meeting, CMVP, which oversees FIPS 140-2 validations in the United States and Canada, announced updates and changes to policy for stagnant modules, the historical list, and documentation …
The global encryption community will gather at the fifth annual International Cryptographic Module Conference (ICMC) in May to discuss the future of commercial cryptography and the role it plays in security of the world around …
DISA’s January News DISA focuses on Innovation during the Armed Forces Communications and Electronics Association panel NIST’s January News NIST Draft Releases: Draft Special Publication 800-12, Revision 1, An Introduction to Information Security NIST Interagency Reports: …
From the CMVP on their validation Sunsetting Policy: The CMVP is adopting a five year validation sunsetting policy, effective February 1, 2017. The CMVP will move all validation entries with most recent validation dates** prior to February 1, …
The Cryptographic Module Validation Program (CMVP), which was established by NIST to validate modules for the Federal Information Processions Standard (FIPS), has announced upcoming policy changes for the Modules In Process (MIP) list and Implementation Under Test …
DISA’s December News No December Updates NIST’s December News NIST Draft Releases: Draft Special Publication 800-188, De-Identification of Government Datasets Special Publications: SP 800-179 Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST …
DISA’s October News Those trying to establish, re-accredit, or re-certify their connections to the Defense Information Systems Network (DISN) will not have access to training provided by DISA’s Risk Adjudication and Connection Division. NIST’s October News …
DISA’s September News The DoD’s tool to detect and counter known cyber attacks, The Host Based Security System (HBSS), will be combined with other solutions to create a holistic approach to protecting our nation’s critical …
Full Drive Encryption v2.0 Collaborative Protection Profiles (FDE cPP) Published The Full Drive Encryption (FDE) international Technical Community (iTC) has published version 2.0 of the FDE Encryption Engine (EE) and FDE Authorization Acquisition (AA) cPPs …
Everyday we rely on technology to ensure continuation of our routine day to day activities. Access to clean drinkable water, open roadways free of congestion and chaos, power to brighten our homes and businesses, and oil …
Here are the monthly updates for July from the CMUF Members Meeting. Changes to the In Process List: One of the most noteworthy updates is that the CMVP will be splitting the Modules in Process …
Corsec is often asked when the next version of the Federal Information Processing Standard (FIPS 140-3), is expected to be released. It is an important question as product vendors are trying to adapt their certification strategies; …
The CCRA Management Committee Chair has announced that two more countries, Qatar and Singapore, will officially sign the Common Criteria Recognition Agreement (CCRA). The addition of of the two nations brings the total number of participants to …
DISA’s June News Lessons Learned from the First DOD Applications Migrated to the Commercial Cloud DISA Vice Director Jack Wilmer speaks on benefits of cloud solutions, including increased speed, agility, and cost savings Big Data …
The deadline is approaching for vendors that were moved to the Historical List because of their RNG use. July 1 is the last day that a lab can submit a no-cost 3Sub to move a module …
The Communications Security Establishment (CSE), the governing body of Common Criteria in Canada, has officially stated they will only accept Protection Profile (PP) based evaluations starting in September of 2017. Furthermore, they have stated that they …
NIST has released draft Special Publication (SP) 800-184, titled “Guide for Cybersecurity Event Recovery” – This draft is open to public comment until July, 11th, 2016 “The purpose of this document is to support federal agencies …
CMVP has new guidelines which went live last month via the release of Implementation Guidance (G.16). This update will affect product vendors that have not taken proper precautions with project management related to their FIPS 140-2 validations. During …