Press Contact:

Corsec would like to congratulate our partner, Forcepoint, on completing the DoDIN APL process for their Next Generation Firewall (NGFW) Engine. Forcepoint partnered with Corsec to achieve this milestone and over the past year the teams worked to harden the product against security requirements for STIG testing, CAC compliance, IPv6, and Information Assurance and Interoperability testing. Forcepoint met the DoD APL’s product security requirements and was awarded the listing under the Data Firewall (DFW) product type.

“Completion of the DoD’s APL listing process is a testament to Forcepoint’s commitment to supporting the DoD and enhancing the security of its network” said Jake Nelson, Director of Marketing at Corsec. For more information on the listing visit the DISA Approved Products List. For more information on engineering your product to meet Federal and regulated industry security requirements, speak directly to a Corsec engineer.

About The DoDIN APL

The DoDIN APL represents the agency’s master list of secure, trusted, and approved technology infrastructure products. The DoDIN APL was developed in an effort to maintain a single consolidated list of products that have completed Interoperability (IO) and Information Assurance (IA) certification. Getting a product included on this coveted list involves a rigorous 39-step process overseen by the Approved Products Certification Office (APCO). This laborious and often confusing process involves the submission of a series of properly completed forms and product documentation, attainment of prerequisite validations and certifications such as FIPS 140-2, Common Criteria, and adherence to strict scheduling guidelines and interdependencies.

About Forcepoint & the NGFW

Forcepoint is the human-centric cybersecurity company that understands behavior and adapts security response and enforcement to risk. The Forcepoint Next Generation Firewall (NGFW) appliances are high-performance network security appliances that add a broad range of built-in security features, including VPN2, IPS3, anti-evasion, TLS inspection, SD-WAN4, and mission-critical application proxies, to a traditional firewall and provides end-to-end protection across the entire enterprise network.

For further information, please visit www.forcepoint.com

As you release new versions of previously certified and validated products, it is crucial that you develop a security certification maintenance plan to keep up with the evolution of your technology. Corsec’s Maintenance and Compliance Service helps you determine whether a full re-evaluation is necessary, or if you can pursue other measures to continue generating revenue from your initial certification or validation.

Security Certification Maintenance:

Each security certification has its own unique requirements for maintenance and renewal. Corsec’s engineering team helps you understand the specific actions you will need to take for each of their products and certifications.

FIPS 140-2
The FIPS 140-2 validation process lists five change scenarios that are used to determine if a product requires revalidation, or if documentation alone can address the changes at issue. Corsec will help determine which scenario mostly closely aligns to the latest version of your product.

Common Criteria
Common Criteria determines re-evaluation through a process called Assurance Continuity (AC). If major changes have occurred in the security environment, evidence needs to be submitted to a laboratory and the product needs to be re-evaluated. If minor changes have occurred, a vendor can perform “Assurance Maintenance,” a report that is attached as an addendum to the original product certification, as long as it is within two years of the initial issuance date.

DoDIN APL
In order to maintain a listing on the DoDIN APL, you must complete a Desktop Review (DR) for each major product version. In such a review, a high-level assessment determines whether the product listing will simply be updated with the new version identifier, whether minimal testing must be performed on the new version prior to receiving an updated listing, or whether the product must undergo a new evaluation in its entirety.

Keep Products Market-Ready

Corsec helps ensure that our partners continue to benefit from the efforts they put in initially to get their products certified or validated. If you have questions on the requirements around your products’ recertification or revalidation, we can help determine the best path forward with little to no disruption of your revenue stream.