Corsec Security Has Moved…Again!

In response to client demand, Corsec has recently relocated our global headquarters to Herndon, Virginia. The significantly larger space houses critical infrastructure and a growing staff of tech professionals. The new facility is equipped with comprehensive security features as well as FIPS 140-2 validated and Common Criteria certified products, boosting security for clients’ intellectual property.

A Growing Marketplace

By 2016, the global IT product market is expected to grow to $3.66 trillion. This explosion is attracting interest from domestic and international IT companies, with expenditures in health care, financial services, critical infrastructure, U.S. and global governments, military, and consumer electronics. To tap into this revenue stream, product vendors are obtaining security certifications, such as FIPS 140-2, Common Criteria and listing on the UC APL, that serve as barriers to entry in the U.S. federal market, and are a competitive requirement in the private sector. Corsec works with a wide range of companies across many industries as well as in the traditional IT hubs of San Francisco, Boston, Austin, Atlanta, Tel Aviv, Bangalore, Sydney, and beyond.

Certifications & Validations: A Changing Landscape

Developments in Common Criteria, FIPS 140-2 and UC APL include:

COMMON CRITERIA – New protection profiles, technical communities, and requirements for entropy for certain evaluations, as well as changes in guidance from member nations, are among Common Criteria’s changes. Clients who engaged Corsec early on in their product’s development phase have found they no longer have to undergo product redesign to successfully achieve certification.

FIPS 140-2Recent implementation guidelines from the Cryptographic Module Validation Program (CMVP) have been employed. Heart bleed, deprecated algorithms, and support for Suite B, are among the nagging issues.

UC APL The establishment of the Unified Capabilities Approved Product Listing (UC APL) centralized DoD security validation requirements for IT purchases and consolidated the efforts of the Army, Navy, Air Force and Marine Corps into a single unified list. Over the last five years, DoD spending on IT products has grown to over $30 billion. UC APL requirements, and the number of alterations in product listing requirements, have seen significant change. Vendors must meet a growing number of STIGs, including: increased scrutiny in information assurance and information operability testing, CAC password authentication requirements, and IPv6.

The Changing Nature of Security Threats

Security breaches from Target to Sony, to the U.S. government, have become a daily occurrence. The consequences—loss of personal data and confidence, denial of service, and impact to critical infrastructure—are now forcing CIOs, CEOs and CISOs to mandate third-party validation best practices as prerequisites to enterprise systems. As security threats move into consumer interests, everyday people face what was once seen as exclusively a federal or corporate challenge. While security certifications and validations do not prevent attacks entirely, they do ensure best practices in product security development, which helps mitigate risks and the potential impact to consumers and governments alike. With certifications and security validations, consumers are better prepared to deal with potential security breaches.

Corsec’s expansion adds capabilities to help product vendors respond to increased certification requirements. We have created security validation solutions across many categories, including:

  • Intrusion Prevention
  • Storage
  • Next-Generation Firewalls
  • Big Data/Analytics
  • Cloud Solutions
  • Network Devices
  • Mobile Solutions
  • Secure Communications

In the next several months, our range will dramatically expand to include the Internet of Things (IoT), health care, connected car, avionics, and more.

The Corsec Solution

A Commitment to Securing IP That Is Second to None
Corsec’s new headquarters, located outside the nation’s capital and inside the Washington, D.C. area’s technology corridor, preserves Corsec’s proximity to the “federal hot spot.” This allows us to play an important role in influencing industry regulations while also residing among the most influential IT firms in the area. In addition, our new state-of-the-art video conferencing system enables us to connect with clients and colleagues around the globe.

The intellectual property of Corsec’s clients is protected around the clock by our state-of-the-art infrastructure, which includes FIPS 140-2 and Common Criteria certified products. Features of our custom-designed laboratory include:

  • An electronically-controlled and logged two-factor access portal that exceeds Common Criteria requirements
  • A security monitoring system with video recording 24/7/365
  • Independent environmental controls with backup to ensure safe and continued operations
  • Per-rack UPS protection
  • Redundant fiber optic connectivity
  • High Availability firewall configuration
  • Switched gigabit LAN (with 10GB capability)
  • VLAN architecture
  • Isolated lab VLAN, which can be further isolated as needed
  • Up to 40U rack space per customer
  • Personnel and logical material controls

Solving Client Issues

Corsec’s two paths for clients seeking security certifications and validations are:

Our Turnkey Approach: For Clients Who Are Ready
Corsec’s turnkey approach was designed for companies seeking the least risky path to certification, or for companies with critical go-to-market timelines. This end-to-end management of the certification process includes: Advisory, Design Engineering Consulting, Documentation, Engineering, Enterprise Lab, and Maintenance & Compliance services. In addition, all phases of program management, oversight, government interaction, and associated costs, are covered.

Our Assessment & De-Risking Service: For Clients Who Are Unsure
Companies attempting to enter the federal or corporate markets are confronted with a number of questions, including:

  • What are the standards and requirements for each certification?
  • Which version of the product addresses all them?
  • How long does it take? How much does it cost?
  • What is the CMVP, and how is it different from NIST?
  • Where does Suite B Crypto fall in?
  • What about entropy?
  • Do I need a sponsor?
  • Which lab is best?
  • What are my competitors doing?
  • When can we start selling?

During a client’s initial assessment, Corsec provides an introduction (an overview of a certification’s standards, history, requirements, and applicability), government and testing requirements, the role of accredited labs, and a timeline for certificate issuance. We also complete a Certification Competitive Intelligence Review to understand competitors’ certification activities and any opportunities for differentiation. We perform an in-depth review of the customer’s product and produce a Compliance Gap Analysis. Our formal Compliance Report outlines product gaps, documentation gaps and includes a recommended path to certification and our Statement of Work includes level of effort and cost of certificate issuance.

Are You Prepared to Hit Your 2016 Sales Goals?

Corsec partners with IT companies worldwide to manage the process of security certifications and validations. In our new space, we will continue to assist clients with accessing federal markets.

For more information on Corsec and how its services can benefit you, click here or email: jnelson@corsec.com