DTECH LABS and Corsec Complete DoD’s UC APL Listing in Record Breaking Time

We are pleased to congratulate our partner DTECH LABS (a subsidiary of Cubic) for a true partnership in product security compliance and security hardening. Corsec and DTECH together have broken the previous benchmarks in time to listing for the DoD’s UC APL.  Corsec was able to accomplish this feat in record timing, completing their listing…

CMVP Has Begun Archiving!

As previously mentioned, CMVP announced that all certifications that use Random Number Generators (RNG), as well as certifications that use both the NIST 800-90A DRBG and RNG, will be required to re-validate; otherwise, they will be placed on an unprocurable products list, which mandates reaffirmation with CMVP that you can meet new standards. Today, CMVP began to…

Happy Data Privacy Day

On January 28th, the U.S., Canada, and 47 European countries take time to acknowledge the importance of privacy and data protection best practices. Although this day has its roots in protecting personal data, specifically with attention to social networking, the Internet of Things (IoT) and interconnectivity of our lives has created a new world of vulnerabilities. Businesses…

White House Updates

When the White House issued its new action plan to prevent security breaches and attacks similar to that of the OPM fiasco, part of the plan was to acknowledge a number of cybersecurity gaps; some of which will ultimately impact security certifications such as FIPS 140-2, Common Criteria, and UC APL: Nov. 13, 2015 All agencies must identify and report to…

Cryptography, FIPS 140-2, and Lab Changes – What You Need to Know

Corsec brings highlights from recent events – offering insight into the future of Cryptographic Validations, Lab Reviews, and a potential new Inter-Agency Agreement. Cryptographic Validations, Quo Vadis? and apropos of FIPS 140-2 Cryptographic validations currently do not have an international acceptance, but the future for cryptographic validations looks promising in terms of mutual recognition. The public…

OpenSSL and FIPS 140-2 Compliance

Product vendors often rely on OpenSSL to gain FIPS 140-2 compliance.  With the new CMVP requirements and regulations, vendors using certain versions of the OpenSSL cryptographic library to meet FIPS 140-2 requirements will be in jeopardy of being non-compliant. This not only is affecting product vendors that have relied on this strategy for FIPS 140-2, but also for other certifications such…

Corsec Guides McAfee through FIPS 140-2 Level 2 Validation

After a year of collaboration and commitment, Corsec would like to congratulate our partner, McAfee, for completing the Federal Information Processing Standards 140-2 (FIPS 140-2) Level 2 validation of the McAfee Web Gateway WG5000 and WG5500 Appliances. By partnering with Corsec, McAfee’s Gateway product is now a more secure enterprise security solution. Corsec’s demonstrated expertise…

Sunsetting of FIPS 140-2 Products

Over 1,500 FIPS 140-2 validated products will be facing archival by CMVP by 2017. Recently, CMVP, the governing body which oversees FIPS 140-2 validations, laid out guidelines and new regulations for validations in two distinct areas: Sunsetting of products validated prior to 2012 If your validation took place prior to January 1st 2012, then CMVP could…

EMC’s ViPR Controller Completes Common Criteria with Corsec’s Guidance

Corsec is pleased to have worked with EMC to complete the Common Criteria validation for the ViPR Controller v2.1.0.3 HF2.  With this validation, ViPR Controller will continue to be a trusted option for governments and industries who have stringent security requirements for protecting and securing data. These governments and industries mandate the highest level of security requirements…

Corsec Guides HP Smart Array RAID Controllers Through Validation

After a year of collaboration and commitment, Corsec would like to congratulate our partner, HP, for completing the Federal Information Processing Standards 140-2 (FIPS 140-2) validation of their product, the Smart Array Gen9 RAID Controllers.  These Smart Array Controllers provide encryption for data at rest and showcase HP’s commitment to helping federal organizations and global enterprises…

Corsec Guides HPE to Successful Common Criteria Certification

Congratulations to HPE for successful completion of the Common Criteria evaluation for Cloud Service Automation v4.10. CSA has completed Common Criteria at an EAL 2+ level, and is a trusted option for governments and industries who have stringent security requirements for protecting and securing data. The product provides an environment that can be used by cloud…

EMC Completes Another Common Criteria Certification with Corsec

Congratulations to our partner EMC on successfully completing the Common Criteria certification process for their product, Isilon OneFS v7.2.0.4.  With this validation, EMC Isilon will continue to be a trusted option for governments and industries who have stringent security requirements for protecting and securing data. These governments and industries mandate the highest level of security requirements for…

Harris Secures Portable Radios Under FIPS 140-2 With Corsec’s Help

We are pleased to announce that our partner, Harris, has successfully completed the Federal Information Processing Standards 140-2 (FIPS 140-2) validation for their product, the Harris AES Load Module (HALM).  With Corsec’s help, this module will now help ensure that their portable terminal radios offer secured lines of communication for all that use them.  The…

Corsec Helps HPE Achieve FIPS 140-2 Certification

We congratulate our partner, HP Enterprise on successfully completing the certification process for the BladeSystem c-class Virtual Connect Module under the Federal Information Processing Standards 140-2 (FIPS 140-2).  The certification underscores HPE’s commitment to providing secure and third-party validated products to Federal organizations and global enterprises. We are pleased and excited to have worked with the HPE team…

Corsec Cares Collects Gifts for Toys For Tots

Corsec’s philanthropy group, Corsec Cares, recently donated and delivered a box of gifts to the local Fairfax Toys For Tots location. The U.S. Marine Corps Reserves’ Toys for Tots program has been collecting and delivering new unwrapped gifts to less fortunate children around the country for years. As part of our effort to better the community that has…

Corsec Cares Works with Food for Others During Thanksgiving Food Drive

Corsec Cares (Corsec’s team members dedicated to philanthropy efforts) recently collected and delivered food donations for a local organization in Fairfax County to help families in need during the Thanksgiving holiday. Corsec is pleased to have donated to such a great organization as Food for Others, which provides free food to families and individuals in need. Since 1995,…

The Next Step in FIPS 140-2 and Cryptography

Changes in Security Certifications: With the extension of the FED budget, companies have begun to plan and develop their 2016 FED sales objectives with an eye on the expanding $70B total addressable market. These companies are looking for ways to stay abreast of all changes affecting spending at the national level, as well as initiatives…

VMware’s vSphere v5.5 Completes CC with Help of Corsec

Corsec is pleased to congratulate our partner, VMware, on completing the Common Criteria validation for its product, vSphere v5.5. This product was tested and validated through the most stringent of security standards receiving a validation under an EAL2+, which underscores VMware’s commitment to helping federal organizations and global enterprises secure products around the world. vSphere is now able to sell…

Stringent Common Criteria Validation of Tintri Product Complete

As the demand to process higher amounts of data and at record levels escalates, the need for secured and protected storage solutions is dramatically increasing. Corsec is pleased to announce that Tintri, a leader in the secured storage space, recently partnered with us to complete the Common Criteria validation for their product VMstore v3.1.2.1. VMstore…

Changes in Common Criteria and Product Advocacy

As companies look to their 2016 sales objectives, the allure of the FED and its $70 billion budget, as well as emerging markets for healthcare, finance, critical infrastructure and the Internet of Things (IoT) is insatiably appealing. As we have all seen, U.S. and international governments as well as the aforementioned industries have stronger restrictions…

HP Works with Corsec to Secure IT Products Under Common Criteria

After months of hard work and dedication, Corsec is proud to congratulate HP on successfully completing the Common Criteria validation for its products, SiteScope v11.30 and Operations Orchestration (OO) v10.20. These products were tested and validated through the most stringent of security standards receiving a validation under an EAL2+, which underscores HP’s commitment to helping federal organizations and…

Corsec Helps EMC Certify Two More Products Under Common Criteria

Congratulations to our partner EMC, on achieving the Common Criteria Certification for VNXe OE v3.1.1 with Unisphere and VNXe3200 hardware as well as VMAX Series Appliances with HYPERMAX OS 5977. These products were tested and validated under the Canadian Scheme, which underscores EMC’s commitment to helping federal organizations and global enterprises secure products around the world. Corsec…

Corsec Cares Delivers Back to School Items

As part of Corsec Cares, Corsec team members have collected school supplies and donated them to FACETS, a local organization in Fairfax, VA.  FACETS is collecting supplies to help children in the area prepare for the new school year with all the necessary supplies needed to advance their education. Corsec donated supplies like folders, dividers,…

Ciena Corporation Achieves FIPS 140-2 Level 3

We are pleased to announce that our partner, Ciena Corporation, has successfully completed the Federal Information Processing Standards 140-2 (FIPS 140-2) validation for their product, the 6500 4×10 Krypto Card. The certification underscores Ciena’s commitment to helping federal organizations and global enterprises secure products. Corsec is pleased and excited to have helped them reach such a monumental…

Hewlett-Packard OpsBridge Undergoes Rigorous Common Criteria Evaluation Process

Corsec is pleased to announce Hewlett Packard Development Company’s Operations Bridge Premium v2015.x solution is officially in evaluation for an EAL2+ certification under the Spanish scheme. Common Criteria evaluation of security products is mandated for commercial information security products purchased by the U.S. government for use in national security systems. HP’s participation in this process illustrates the company’s commitment…

McAfee completes FIPS 140-2 validation for Firewall Enterprise Control Center Hardware and Virtual Appliance

Congratulations to our partner, McAfee, which has successfully completed the Federal Information Processing Standards 140-2 (FIPS 140-2) validation for the McAfee® Firewall Enterprise Control Center Hardware and Virtual Appliance. The certification underscores McAfee’s commitment to helping federal organizations and global enterprises secure products. Corsec is pleased and excited to have helped them reach such a monumental…

Corsec Has Moved…Again!

In response to client demand, Corsec has recently relocated our global headquarters to Herndon, Virginia. The significantly larger space houses critical infrastructure and a growing staff of tech professionals. The new facility is equipped with comprehensive security features as well as FIPS 140-2 validated and Common Criteria certified products, boosting security for clients’ intellectual property.…

CyberArk PASS v9.1 Earns Internationally Recognized Common Criteria Certification

Herndon, VA – July 9th, 2015 – CyberArk, the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise, announced today that PASS v9.1 has completed evaluation for an EAL2+ certification. CyberArk’s active participation in the Common Criteria evaluation process signifies the company’s commitment to providing users with…

Corsec on the Road – Gartner Security & Risk Management Summit 2015

Ian Wisecarver and Jason Kozak head to Gartner Security & Risk Management Summit 2015. Corsec’s Ian Wisecarver and Jason Kozak will be joining the IT security discussion in our Nation’s Capital next week, as they meet with IT product vendors and industry leaders at the Gartner Security & Risk Management Summit 2015 in

IT Security Certifications at InfoSec 2015

Will you be at InfoSecurity 2015 this year? InfoSecurity 2015 is Europe’s largest free information security event, focused on relevant IT security issues including pressing issues like practical ways to protect information assets, recovering and securing data, and innovative strategies to discuss information security risks. Ian Wisecarver from Corsec will…

RMF: Is It Replacing the UC APL and other Security Certifications?

As companies tap into the growing addressable markets for Commercial and FED, they are confronted with a litany of standards, acronyms and security validations they must overcome in order to stay relevant. The list is daunting, and making sense of this has been our singular focus for the past 18 years. In that time, we…

Security Certification and Success

The numbers are in and, with our partners’ help, Corsec has had one of its most successful quarters in company history! And the future looks even more promising. With the rising threat of security breaches in today’s technology landscape, the need for products that can deliver a high degree of trusted protection…

Corsec Announces FIPS 140-2 Validation for Comtech EF Data Corp.

Corsec Helps Provide a Path to Successful FIPS 140-2 Certification, Opening Government, Military and Secure Commercial Networks Markets for IT Security Products Fairfax, VA, September 10, 2014 – Corsec, the world’s leading validation solutions provider, today announced that its client, Comtech EF Data Corp., a subsidiary of Comtech Telecommunications Corp. (NASDAQ: CMTL), has achieved FIPS…

Corsec Announces Fall 2014 Global Speaking Tour

Industry Experts Selected to Deliver Critical Guidance and Insights at Leading IT Security Conferences Fairfax, VA, September 8, 2014 – Corsec, the world’s leader in providing access to new markets via third-party security validations, recently announced the lineup for its Fall 2014 Global Speaking Tour. Corsec experts will be presenting at key industry conferences on topics…

Corsec Guides ScienceLogic to Successful DoD Product Certification

IT Monitoring Software Client Gains Inclusion on the Department of Defense (DoD) Unified Capabilities Approved Products List (UC APL) Fairfax, VA, August 20, 2014 – Corsec, the world’s leading validation solutions provider, recently added ScienceLogic, Inc. to its growing list of clients who have achieved inclusion on the U.S. Department of Defense (DoD) Unified Capabilities…

NIST Successfully Slashes FIPS 140-2 Validation Wait Time Down to Record Lows

Fairfax, VA, May 14, 2011 –  Corsec Security, Inc., the leader in FIPS 140-2 and Common Criteria documentation, project management and consulting services, today announced that NIST’s Cryptographic Module Validation Program (CMVP) queue is down to a record low. This accomplishment marks a major success for the FIPS 140-2 program due to the hard work…

Corsec Security Augments Services to Provide Complete UC APL Solution for Information Security Vendors

Corsec Expands service offering to include DoD Unified Capabilities APL certification. Fairfax, VA, January 12, 2012 – Corsec Security, Inc., the leader in FIPS 140-2 and Common Criteria documentation and project management services is announcing the addition of Department of Defense Unified Capabilities Approved Product List (DoD UC APL) certification services in order to provide customers…

Corsec Completes 200th FIPS 140 & Common Criteria Certification for IT Security Vendors

Corsec Security, Inc., the leading provider of FIPS 140-2 and Common Criteria documentation and consulting services, today announced the completion of the 200th certificate they have achieved for IT Security vendors across the globe. Fairfax, VA, July 22, 2010 – Corsec Security, Inc., the leading provider of FIPS 140-2 and Common Criteria documentation and consulting…

Corsec Launches Global Expansion of Unified Capabilities Approved Product List (UC APL) Validation Services

Company Provides Path Towards Successful UC APL Inclusion, Opening United States Department of Defense Market for IT Products Fairfax, VA, February 18, 2014 – Corsec, the world’s leader in providing access to new markets via third party security validations, today announced the global expansion of its Unified Capabilities Approved Product List (UC APL) certification services. Corsec’s…

Heartbleed & Your Security Certification

Much has been in the news over the past couple of months about the security vulnerability known as Heartbleed. It is of vital interest to businesses and consumers, but especially so for businesses with products intended to provide security for their users. There are some specific and unique impacts to companies who are planning or are in the midst…

Why a UC APL Listing Means More Than Just DoD Revenue

What is the Unified Capabilities Approved Products List (UC APL) and why is it important to you? You’ve probably heard that it has to do with the Department of Defense — absolutely true and certainly very important. But there are other reasons that you should be concerned about getting your product onto the UC APL.…

Common Criteria Certification: Creating New Opportunities

Do you need to open the door to sell your IT security product to the U.S. government? That seems like it should be a process that is simple to work through, but think again. Any IT security product that will be used by the U.S. government for national security systems, either to handle classified and even some non-classified…

Maximize ROI: Market Your Certification

Taking the time, effort and resources to achieve FIPS or Common Criteria certification or UC APL listing is a big deal. It’s not an insignificant investment, and when it’s finally completed, you want to see a significant return, right? The most obvious solution is just to sell more product. And while this may seem both simple and obvious, we all know…

Entropy Testing for FIPS and Common Criteria: Tips for Meeting Requirements

In the second post of our two-part series, we continue our discussion with panelists from Computer Sciences Corporation: Lachlan Turner, Jason Cunningham, and Maureen Barry. Continuing where we left off with last week’s post, we’ll dive deeper into entropy and answer some of the many questions now arising…

Entropy Testing for FIPS and Common Criteria: What You Need to Know

In the world of cryptography, data is only safe as long as the keys used to protect that data are kept secure. While, on one hand, this means that keys must be protected against unauthorized access, it also means that keys must be created in a way that makes them difficult for an attacker to guess. To produce cryptographically strong…

A Look Back: 2013 for FIPS, Common Criteria and UC APL

The end of the year is a great time to look back at important milestones and use what we’ve learned to plan for the upcoming year. This year, clearing the air where myths and misconceptions were concerned was a theme that we saw come up repeatedly at Corsec, and laying the groundwork for smooth process…

Dispelling FIPS Myths: a Webinar Recap

There are plenty of myths out there about FIPS and what it really takes to achieve validation. During our most recent webinar, “Top 10 Myths about FIPS,” we dispelled some of those myths and gave insight into what it really means to be FIPS validated and how your company can navigate the complicated validation process. Because of the level of detail, time, and cost involved, there…

The First Five Steps in Your FIPS 140-2 Validation

Trying to decide whether to perform a FIPS 140-2 validation on your product? It can actually be a pretty black and white decision. If you want to sell any product containing cryptography to any U.S. government agency or department, then the answer is clear cut: you need a FIPS validation. FIPS 140-2 validation is required for products that contain…

Understanding Common Criteria Technical Working Groups

I recently had a conversation with a product vendor who was new to the Common Criteria community and it was refreshing to talk about and look at the Common Criteria “machine” from an outside perspective. One of the interesting parts of that machine is the Common Criteria User Forum (CCUF). It provides a voice and communications…

The Last Details on ICMC 2013 and What to Look for Next Year

Is it too late to talk about the International Cryptographic Modules Conference (ICMC)? Well, it really depends on how you look at it. If you were looking for a timely recap of the conference, then yes, I guess it is. But if you missed any of the details, this might be your last chance to catch up. And planning has just begun for next year’s conference…

Technical Communities: Creating Common Criteria Protection Profiles

Who is Defining the Criteria That Your Products Will Need to be Evaluated Against? I have been involved in the Common Criteria (CC) community since the first International Common Criteria Conference (ICCC) in 2000. While I spend a lot of my time down in the weeds of Common Criteria issues, it’s refreshing to look at the Common…

FIPS 140-2 Validation: Setting the Record Straight

I have recently read several online articles questioning what it means for a cryptographic module to be FIPS 140-2 validated. While the FIPS 140-2 validation process is very complicated and replete with regulations, some of the information presented in the articles themselves and the comments made by…

More from the ICCC: Update on CNSSP #11 and Common Criteria

In my last post, I brought everyone up to speed on some happenings from the recent ICCC Conference in Orlando, including the revised Common Criteria Recognition Arrangement (CCRA) and its implications. There was a great deal of other discussion on various topics of interest, including the subject of collaboration…

U.S. Government Shutdown Impacts FIPS Validations

As you know, the U.S. federal government officially shut down many of its operations. This shutdown directly affects NIST and, as a result, impacts its FIPS validation activities. We are sending you this e-mail to let you know what resources Corsec has available and how this situation will impact your validation efforts.

Updates from ICCC Include CCRA Revisions

Some of us from Corsec recently attended the 14th International Common Criteria Conference (ICCC) in Orlando, Florida, and we came away feeling that the Common Criteria (CC) community is finally coming together in many positive ways. After several years of difficult transition into defining the new CC paradigm of collaborative Protection Profiles (cPPs) and international Technical Communities (iTCs),…

Updates from the Joint CCDB/CCUF Workshop

It’s always great to get together with others from our industry to discuss advances and collaborate on moving processes forward for Common Criteria. Last month, several of us had the opportunity to work with colleagues from around the world at two separate events in Orlando, Florida. A group of us spent the first two weeks of September in Orlando, as Corsec sent multiple…

Planning Leads to Smooth Sailing in UC APL Listing: Webinar Recap

Getting your product listed on the DoD UC APL can seem like a Herculean task. We’ve talked before about the ins and outs of the entire listing process, but anyone who has considered any type of IT security validation knows that making the process as efficient as possible is as key as paying attention to the details. Last week, Corsec Co-Founder…

Common Criteria Schemes: Tips for Making the Right Choice

So many decisions, so little time. You’ve heard—and likely experienced—this mantra. And if you read this blog regularly, you’ve probably picked up on the fact that security validations involve making a whole host of decisions. When pursuing Common Criteria certification, one often perplexing, yet critical decision I hear people lament…

CSfC and Your Product Evaluation

We have recently seen an increase in the number of clients who are asking about CSfC and how to get on the CSfC Components List maintained by the National Security Agency (NSA) Information Assurance Directorate (IAD). CSfC is the acronym for the IAD’s Commercial Solutions for Classified program. It’s worth noting…

New FIPS 140-2 IG Update Released: What You Need to Know

In our recent post we talked about the recent changes to Common Criteria, FIPS, and UC APL, and the importance of putting these changes in context for your business. Today we have another change to tell you about. On July 25, CMVP issued an update to the FIPS 140-2 Implementation Guidance (IG). No matter where your module is in the…

Hot Topics for ISO/IEC JTC 1/SC 27’s WG 3: Q & A with Miguel Bañón

Last week, I shared a conversation I had with Miguel Bañón, Convenor of ISO/IEC JTC 1/SC 27’s WG 3 (work group 3), that offered an overview of the current work of the WG 3, as well as some great insight into planned changes in the areas of evaluation, testing and specification for the IT security industry. Today, we’ll…

Q&A with Miguel Bañón: A Look at ISO/IEC JTC 1/SC 27’s WG 3

At Corsec, we have the opportunity to work with many industry insiders, partners, and labs as we help our clients through the security validation process. This provides us with a unique perspective when looking at the changes occurring within the IT security space. One group of particular interest right now is the ISO/IEC JTC 1/SC 27’s WG 3…

But the Rules are Changing!

According to the ancient Greek philosopher Heraclitus, “There is nothing permanent except change.” As anyone following security certifications lately can tell you, there is a lot of truth in this statement. We have entered another period of profound change in security certifications. Putting these changes in the proper context is essential if you wish to…

Budgeting for UC APL: Plan Now, Save Later

The UC APL is on the radar screen of many companies, and with good reason. Your product or system’s inclusion on the Department of Defense Unified Capabilities Approved Products List (DoD UC APL) could have a major impact on your company’s revenue because the Army, Navy and other branches of the armed forces can only purchase and deploy systems on the…

Understanding the True Cost of FIPS Validation

The benefits of getting FIPS 140-2 validation for your product shouldn’t be underestimated. Your FIPS 140-2 validation demonstrates your integrity and commitment to providing your customers with compliant security products and systems. But the validation process can be time consuming, complex and is an investment not to be taken lightly. So, while planning…

FIPS Validation: Do I Need to Revalidate?

In our recent blog post, we talked about the cost and timing you can expect if you pursue FIPS 140-2 revalidation for your product or system. We also touched on five change scenarios that necessitate revalidation. These scenarios were created by the Cryptographic Module Validation Program (CMVP), the same body that published the FIPS standard, which covers…

Why You Need Common Criteria Certification and How to Get There

In the IT security industry, research and development teams continually race to introduce new products, while at the same time, project teams improve upon existing offerings—all scrambling to ensure that the latest versions meet security functional and assurance requirements. The goal is to bring the strongest and most secure…

Webinar Recap: Should You Revalidate or Recertify?

If you have been through the certification or validation process for your security product, I don’t need to tell you that it’s a substantial investment in time, resources and cost. Or that it’s worth that investment when you consider the benefits you’ll realize from your ability to sell into the lucrative government market. We discussed…

Budgeting for Common Criteria: Avoid Cost Creep

Budgeting for a Common Criteria Certification can be difficult, but it’s not impossible. Understanding how to create your certification budget, and taking the necessary steps to follow through with that budget, can reduce your costs and simplify the certification process. We are frequently asked, “How much does certification cost…

You Have Your Validation, Now Use It To Sell

Where is the most money lost in a validation? I know this is a question my customers ask themselves while making a decision on how to achieve validation. A) Is it the consultant? B) Is it in the testing laboratory? C) Is it the scope of the process? I’ll let you in on an insider secret—the correct answer is “none of the above.” You won’t lose big in validations, or in any direct expense…

Highlights from Corsec’s UC APL Webinar: A Glimpse Into What You Missed

Corsec recently presented a webinar called, DoD UC APL Solutions: Dealing with UCCO, STIGS, JITC, the TIC, Army, and DoD Requirements. Judging from the large number of views and inquiries on this, the Department of Defense’s Unified Capabilities Approved Products List (DoD UC APL) is a very hot topic for many vendors, and…

15 Years Teaches You a Lot: 3 Key Points to Remember

At Corsec, we just celebrated our 15th year of business in the security validation consulting industry. As you might imagine, we spent some time reflecting on the changes we have seen in the industry, the customers we have had the pleasure to work with, and the successes and failures we have seen over the years. There…

Starting a Validation—Don’t Make All of Your Decisions up Front

A security validation is a substantial process—getting it started can be daunting. But you don’t need to decide everything up front—in fact, you shouldn’t. There are definitely some important considerations to work through, but there are some decisions you should put off until you are well into the process. If you have been tasked with…

Is There Value in Maintaining Your Security Validation?

Once you have spent the time and money to pursue a security validation, you’re all done, right? Well, not exactly. However, the good news is that it isn’t hard or expensive to maintain your validation. For most security validations, the validation applies to a specific version of hardware and software. At the beginning…

New Discoveries at 2013 RSA Data Security Conference

We have completed another marathon week in San Francisco at the annual RSA Data Security Conference. For many in our industry, Corsec included, this conference continues to be an important place to gain new insights, visit with customers and partners, and attend meaningful talks.

What You Need to Know about FIPS 140-2, OpenSSL, and the new IG Requirement

You may have heard about the new interpretation of the mandatory requirement in Section 9.5 of the Implementation Guidance (IG) document, a key component of FIPS 140-2 documentation issued by the Cryptographic Module Validation Program (CMVP). This interpretation is causing conflicts with the architecture of the OpenSSL…

Top 10 Myths about FIPS 140-2 Validation

If you’re thinking about pursuing FIPS 140-2 validation for your system or component, you know the benefits that validation provides. But along with the considerable perks you’ve heard about, there is lots of erroneous information floating around. Unless you do your homework, you may fall into a minefield or two that could result in major setbacks in time and cost.

FIPS 140-2 or FIPS 140-3; which way should I go?

This is a very frequently asked question, and we have been fielding questions from clients on how to deal with FIPS 140-3 for years now. But, for years the advice has uniformly been: “Don’t worry about FIPS 140-3; you only need to deal with FIPS 140-2 right now.” But that’s a very unsatisfying answer, especially when there have been folks actively proclaiming “Woe betide ye

Common Criteria Certification: Who Steers the Ship?

Congratulations! You’ve decided to pursue Common Criteria certification for your information technology security product. Now what? The single most important factor that will influence whether your product is certified on schedule is not the product itself; it’s how you manage the certification process. So before you embark…

Maximize Your Certification ROI – New Corsec Webinar

Your certification or validation was a significant investment of both time and money for your company. While a certification or validation can be a substantial revenue generator for your company, it will only be so if it keeps up with any changes added to your product. Over time your product will undoubtedly be…

Webinar: Moving Through DoD UC APL Testing Efficiently

If you’ve heard of DoD UC APL, you probably have a list of questions. DoD UC APL (which stands for The Department of Defense Unified Capabilities Approved Products List) is a directory of IT security products that have completed both Information Assurance (IA) and Interoperability (IO) testing and certification. Attaining inclusion in the APL can…
