All information relevant to Security Certifications
Corsec is often asked when the next version of the Federal Information Processing Standard (FIPS 140-3), is expected to be released. It is an important question as product vendors are trying to adapt their certification strategies; …
The CCRA Management Committee Chair has announced that two more countries, Qatar and Singapore, will officially sign the Common Criteria Recognition Agreement (CCRA). The addition of of the two nations brings the total number of participants to …
Implementing a FIPS 140-2 validation into your product is a great way to strengthen your solution, enhance your brand, and secure your bottom line. When pursuing FIPS, you will be faced with difficult and often confusing …
DISA’s June News Lessons Learned from the First DOD Applications Migrated to the Commercial Cloud DISA Vice Director Jack Wilmer speaks on benefits of cloud solutions, including increased speed, agility, and cost savings Big Data …
Corsec would like to congratulate our partner, Ixia, which provides testing, visibility, and security solutions to strengthen applications across physical and virtual networks; on being listed on the “In Process” list for two of their FIPS 140-2 validations. Ixia’s products, the VisionONE …
The Department of Commerce’s National Technical Information Services (NTIS) has announced a few new changes that may very well shake up the way the government uses and shares information. NTIS has announced a new joint …
The General Services Administration (GSA) has announced their intentions to add another SIN to the GSA Schedule 70 – “Highly Adaptive Cybersecurity Services (HACS)”. The new SIN will be broken down into three categories for security services — proactive, …
The Department of Homeland Security (DHS) has approved $1.8 billion in funding to prevent cybersecurity attacks and protect critical infrastructure. The House Appropriations Subcommittee approved the bill last week in order to support the National Protection and …
The Communications Security Establishment (CSE), the governing body of Common Criteria in Canada, has officially stated they will only accept Protection Profile (PP) based evaluations starting in September of 2017. Furthermore, they have stated that they …
NIST has released draft Special Publication (SP) 800-184, titled “Guide for Cybersecurity Event Recovery” – This draft is open to public comment until July, 11th, 2016 “The purpose of this document is to support federal agencies …
CMVP has new guidelines which went live last month via the release of Implementation Guidance (G.16). This update will affect product vendors that have not taken proper precautions with project management related to their FIPS 140-2 validations. During …
In 2013, the Defense Informations Systems Agency (DISA) developed an on-premise cloud solution for the DoD – milCloud 1.0. DISA continues to operate and manage this solution, but since its inception, cloud based services have …
Over the past two months Corsec has traveled from Seoul, Korea to Ontario, Canada in order to attend security certification events such as the Common Criteria Users Forum (CCUF), and the International Cryptographic Module Conference (ICMC). The discussions …
NIST Releases “Best Practices Guide for Personal Identity Verification (PIV)-enabled Privileged Access” In response to the Office of Management and Budget (OMB)’s Cybersecurity Strategy and Implementation Plan, NIST has released their best practices guide for Personal Identity Verification …
Corsec recently attended the Cybersecurity Innovation Summit at George Mason University in Fairfax, VA. This event created a platform for discussions on the recent advancements in cybersecurity and the evolving challenges security experts face. Among those attending, were members of …
Last week, the Department of Defense (DOD) released an update to the Cloud Computing Security Requirements Guide (CC SRG) through the Chief Information Office and the Defense Information Systems Agency (DISA). This update provides guidance …
Defense Secretary Ashton Carter announced that the Pentagon would be spending an additional $900 million in 2017 to enhance cyber defense measures. This comes after last years hack of the Office of Personnel Management (OPM), resulting …
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) has released the fourth revision of their Internal Report covering SCAP Version 1.2 Validation Program Test Requirements. SCAP or the “Security Content Automation Protocol” is …
In addition to the new vulnerabilities identified in January of this year, OpenSSL has once again had to release a slew of patches to correct problematic areas, which could ultimately affect your FIPS validation, Common Criteria …
Last month NIST released a draft publication on sources of Entropy and randomness in protecting sensitive data. The draft “Special Publication 800-90B, Recommendation for the Entropy Sources Used for Random Bit Generation”, is intended to help product vendors …