Obama Signs Executive Orders

President Obama created two new executive orders on Tuesday: The first, a Commission on Enhancing National Cybersecurity, dedicated to “enhance cybersecurity awareness and protections at all levels of Government, business, and society, to protect privacy, to ensure public safety and economic and national security, and to empower Americans to take better control of their digital security.” This order will…

Corsec Helps CyberArk Become First Comprehensive Privileged Account Security Solution To Be Listed On The U.S. Department Of Defense’s UC APL

Corsec congratulates CyberArk for achieving listing on the DoD’s UC APL. CyberArk’s active participation in security certifications and listing on the UC APL signifies the company’s commitment to providing users with solid product security, and CyberArk becomes the first comprehensive Privileged Account Security solution to be listed on the DoD’s UC APL. Over the past year, Corsec and…

Corsec Attending AFCEA WEST

Corsec will be in San Diego, CA for the annual AFCEA WEST conference.  “The premier naval conference and exposition on the West Coast, WEST is now in its 26th year of bringing military and industry leaders together.  Co-sponsored by AFCEA International and the U.S. Naval Institute, WEST is the foremost event in which the makers…

High Severity OpenSSL Vulnerability

On January 28th, 2016, OpenSSL released a patch to fix a high-risk vulnerability.  It was discovered and reported that the primes used in certain files may not be “safe”.  Where an application is using DH configured with parameters based on primes that are not “safe” then an attacker could use this fact to find a peer’s private DH…

CMVP Has Begun Archiving!

As previously mentioned, CMVP announced that all certifications that use Random Number Generators (RNG), as well as certifications that use both the NIST 800-90A DRBG and RNG, will be required to re-validate; otherwise, they will be placed on an unprocurable products list, which mandates reaffirmation with CMVP that you can meet new standards. Today, CMVP began to…

EMC Adds Data Storage System To List of Common Criteria Evaluated Products

EMC continues to grow as a leader in the secured storage playing field.  Corsec would like to congratulate our partner EMC on completing the Common Criteria EAL 2+ evaluation for their product, the SourceONE v7.2.  With this certification, SourceONE will continue to be a trusted option for governments and industries which have stringent security requirements for protecting and securing…

Happy Data Privacy Day

On January 28th, the U.S., Canada, and 47 European countries take time to acknowledge the importance of privacy and data protection best practices. Although this day has its roots in protecting personal data, specifically with attention to social networking, the Internet of Things (IoT) and interconnectivity of our lives has created a new world of vulnerabilities. Businesses…

White House Updates

When the White House issued its new action plan to prevent security breaches and attacks similar to that of the OPM fiasco, part of the plan was to acknowledge a number of cybersecurity gaps, some of which will ultimately impact security certifications such as FIPS 140-2, Common Criteria, and UC APL: Nov. 13, 2015 All agencies must identify and report to…

Cryptography, FIPS 140-2, and Lab Changes – What You Need to Know

Corsec brings highlights from recent events – offering insight into the future of Cryptographic Validations, Lab Reviews, and a potential new Inter-Agency Agreement. Cryptographic Validations, Quo Vadis? and apropos of FIPS 140-2 Cryptographic validations currently do not have an international acceptance, but the future for cryptographic validations looks promising in terms of mutual recognition. The public…

OpenSSL and FIPS Compliance

Product vendors often rely on OpenSSL to gain FIPS compliance.  With the new CMVP requirements and regulations, vendors using certain versions of the OpenSSL cryptographic library to meet FIPS 140-2 requirements are in jeopardy of being out of FIPS compliance. This new set of requirements not only is affecting product vendors that have relied on this strategy for FIPS…

Corsec Guides McAfee through FIPS 140-2 Level 2 Validation

After a year of collaboration and commitment, Corsec would like to congratulate our partner, McAfee, for completing the Federal Information Processing Standards 140-2 (FIPS 140-2) Level 2 validation of the McAfee Web Gateway WG5000 and WG5500 Appliances.   By partnering with Corsec, McAfee’s Gateway product is now a more secured enterprise security solution.  Corsec’s demonstrated expertise…

Sunsetting of FIPS 140-2 Products

Over 1,500 FIPS 140-2 validated products will be facing archival by CMVP by 2017. Recently, CMVP, the governing body which oversees FIPS 140-2 validations, laid out guidelines and new regulations for validations in two distinct areas: Sunsetting of products validated prior to 2012 If your validation took place prior to January 1st 2012, then CMVP could…

EMC’s ViPR Controller Completes Common Criteria with Corsec’s Guidance

Corsec is pleased to have worked with EMC to complete the Common Criteria validation for the ViPR Controller v2.1.0.3 HF2.  With this validation, ViPR Controller will continue to be a trusted option for governments and industries who have stringent security requirements for protecting and securing data. These governments and industries mandate the highest level of security requirements…

Corsec Guides HP Smart Array RAID Controllers Through Validation

After a year of collaboration and commitment, Corsec would like to congratulate our partner, HP, for completing the Federal Information Processing Standards 140-2 (FIPS 140-2) validation of their product, the Smart Array Gen9 RAID Controllers.  These Smart Array Controllers provide encryption for data at rest and showcase HP’s commitment to helping federal organizations and global enterprises…

Corsec Guides HPE to Successful Common Criteria Certification

Congratulations to HPE for successful completion of the Common Criteria evaluation for Cloud Service Automation v4.10;  CSA has completed Common Criteria at an EAL 2+ level, and is a trusted option for governments and industries who have stringent security requirements for protecting and securing data.  The product provides an environment that can be used by cloud…

EMC Completes Another Common Criteria Certification with Corsec

Congratulations to our partner EMC on successfully completing the Common Criteria certification process for their product, Isilon OneFS v7.2.0.4.  With this validation, EMC Isilon will continue to be a trusted option for governments and industries who have stringent security requirements for protecting and securing data. These governments and industries mandate the highest level of security requirements for…

Harris Secures Portable Radios Under FIPS 140-2 With Corsec’s Help

We are pleased to announce that our partner, Harris, has successfully completed the Federal Information Processing Standards 140-2 (FIPS 140-2) validation for their product, the Harris AES Load Module (HALM).  With Corsec’s help, this module will now help ensure that their portable terminal radios offer secured lines of communication for all that use them.  The…

Corsec Helps HPE Achieve FIPS 140-2 Certification

We congratulate our partner, HP Enterprise on successfully completing the certification process for the BladeSystem c-class Virtual Connect Module under the Federal Information Processing Standards 140-2 (FIPS 140-2).  The certification underscores HPE’s commitment to providing secure and third-party validated products to Federal organizations and global enterprises. We are pleased and excited to have worked with the HPE team…

Corsec Cares Collects Gifts for Toys For Tots

Corsec’s philanthropy group, Corsec Cares, recently donated and delivered a box of gifts to the local Fairfax Toys For Tots location. The U.S. Marine Corps Reserves’ Toys for Tots program has been collecting and delivering new unwrapped gifts to less fortunate children around the country for years. As part of our effort to better the community that has…

Corsec Cares Works with Food for Others During Thanksgiving Food Drive

Corsec Cares (Corsec’s team members dedicated to philanthropy efforts), recently collected and delivered food donations for a local organization in Fairfax County to help families in need during the Thanksgiving holiday. Corsec is pleased to have donated to such a great organization as Food for Others, which provides free food to families and individuals in need.  Since 1995,…

The Next Step in FIPS 140-2 and Cryptography

Changes in Security Certifications:  With the extension of the FED budget, companies have begun to plan and develop their 2016 FED sales objectives with an eye on the expanding $70B total addressable market.  These companies are looking for ways to stay abreast of all changes affecting spending at the national level, as well as initiatives…

VMware’s vSphere v5.5 Completes CC with Help of Corsec

Corsec is pleased to congratulate our partner, VMware, on completing the Common Criteria validation for its product, vSphere v5.5. This product was tested and validated through the most stringent of security standards receiving a validation under an EAL2+, which underscores VMware’s commitment to helping federal organizations and global enterprises secure products around the world. vSphere is now able to sell…

Stringent Common Criteria Validation of Tintri Product Complete

As the demand to process higher amounts of data and at record levels escalates, the need for secured and protected storage solutions is dramatically increasing. Corsec is pleased to announce that Tintri, a leader in the secured storage space, recently partnered with us to complete the Common Criteria validation for their product VMstore v3.1.2.1. VMstore…

Changes in Common Criteria and Product Advocacy

As companies look to their 2016 sales objectives, the allure of the FED and its $70 billion budget, as well as emerging markets for healthcare, finance, critical infrastructure and the Internet of Things (IoT) is insatiably appealing. As we have all seen, U.S. and international governments as well as the aforementioned industries have stronger restrictions…

HP Works with Corsec to Secure IT Products Under Common Criteria

After months of hard work and dedication, Corsec is proud to congratulate HP on successfully completing the Common Criteria validation for its products, SiteScope v11.30 and Operations Orchestration (OO) v10.20. These products were tested and validated through the most stringent of security standards receiving a validation under an EAL2+, which underscores HP’s commitment to helping federal organizations and…

Corsec Helps EMC Certify Two More Products Under Common Criteria

Congratulations to our partner EMC, on achieving the Common Criteria Certification for VNXe OE v3.1.1 with Unisphere and VNXe3200 hardware as well as VMAX Series Appliances with HYPERMAX OS 5977. These products were tested and validated under the Canadian Scheme, which underscores EMC’s commitment to helping federal organizations and global enterprises secure products around the world. Corsec…

Corsec Cares Delivers Back to School Items

As part of Corsec Cares, Corsec team members have collected school supplies and donated them to FACETS, a local organization in Fairfax, VA.  FACETS is collecting supplies to help children in the area prepare for the new school year with all the necessary supplies needed to advance their education. Corsec donated supplies like folders, dividers,…

Ciena Corporation Achieves FIPS 140-2 Level 3

We are pleased to announce that our partner, Ciena Corporation, has successfully completed the Federal Information Processing Standards 140-2 (FIPS 140-2) validation for their product, the 6500 4×10 Krypto Card. The certification underscores Ciena’s commitment to helping federal organizations and global enterprises secure products. Corsec is pleased and excited to have helped them reach such a monumental…

Hewlett-Packard OpsBridge Undergoes Rigorous Common Criteria Evaluation Process

Corsec is pleased to announce Hewlett Packard Development Company’s Operations Bridge Premium v2015.x solution is officially in evaluation for an EAL2+ certification under the Spanish scheme. Common Criteria evaluation of security products is mandated for commercial information security products purchased by the U.S. government for use in national security systems. HP’s participation in this process illustrates the company’s commitment…

McAfee completes FIPS 140-2 validation for Firewall Enterprise Control Center Hardware and Virtual Appliance

Congratulations to our partner, McAfee, which has successfully completed the Federal Information Processing Standards 140-2 (FIPS 140-2) validation for the McAfee® Firewall Enterprise Control Center Hardware and Virtual Appliance. The certification underscores McAfee’s commitment to helping federal organizations and global enterprises secure products. Corsec is pleased and excited to have helped them reach such a monumental…

Corsec Has Moved…Again!

In response to client demand, Corsec has recently relocated our global headquarters to Herndon, Virginia. The significantly larger space houses critical infrastructure and a growing staff of tech professionals. The new facility is equipped with comprehensive security features as well as FIPS 140-2 validated and Common Criteria certified products, boosting security for clients’ intellectual property.…

CyberArk PASS v9.1 Earns Internationally Recognized Common Criteria Certification

Herndon, VA – July 9th, 2015 – CyberArk, the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise, announced today that PASS v9.1 has completed evaluation for an EAL2+ certification. CyberArk’s active participation in the Common Criteria evaluation process signifies the company’s commitment to providing users with…

Corsec on the Road – Gartner Security & Risk Management Summit 2015

Ian Wisecarver and Jason Kozak head to Gartner Security & Risk Management Summit 2015. Corsec’s Ian Wisecarver and Jason Kozak will be joining the IT security discussion in our Nation’s Capital next week, as they meet with IT product vendors and industry leaders at the Gartner Security & Risk Management Summit 2015 in

IT Security Certifications at InfoSec 2015

Will you be at InfoSecurity 2015 this year? InfoSecurity 2015 is Europe’s largest free information security event, focused on relevant IT security issues including pressing issues like practical ways to protect information assets, recovering and securing data, and innovative strategies to discuss information security risks. Ian Wisecarver from Corsec will…

Corsec Announces FIPS 140-2 Validation for Comtech EF Data Corp.

Corsec Helps Provide a Path to Successful FIPS 140-2 Certification, Opening Government, Military and Secure Commercial Networks Markets for IT Security Products Fairfax, VA, September 10, 2014 – Corsec, the world’s leading validation solutions provider, today announced that its client, Comtech EF Data Corp., a subsidiary of Comtech Telecommunications Corp. (NASDAQ: CMTL), has achieved FIPS…

Corsec Announces Fall 2014 Global Speaking Tour

Industry Experts Selected to Deliver Critical Guidance and Insights at Leading IT Security Conferences Fairfax, VA, September 8, 2014 – Corsec, the world’s leader in providing access to new markets via third-party security validations, recently announced the lineup for its Fall 2014 Global Speaking Tour. Corsec experts will be presenting at key industry conferences on topics…

Corsec Guides ScienceLogic to Successful DoD Product Certification

IT Monitoring Software Client Gains Inclusion on the Department of Defense (DoD) Unified Capabilities Approved Products List (UC APL) Fairfax, VA, August 20, 2014 – Corsec, the world’s leading validation solutions provider, recently added ScienceLogic, Inc. to its growing list of clients who have achieved inclusion on the U.S. Department of Defense (DoD) Unified Capabilities…

NIST Successfully Slashes FIPS 140-2 Validation Wait Time Down to Record Lows

Fairfax, VA, May 14, 2011 –  Corsec Security, Inc., the leader in FIPS 140-2 and Common Criteria documentation, project management and consulting services, today announced that NIST’s Cryptographic Module Validation Program (CMVP) queue is down to a record low. This accomplishment marks a major success for the FIPS 140-2 program due to the hard work…

Corsec Security Augments Services to Provide Complete UC APL Solution for Information Security Vendors

Corsec Expands service offering to include DoD Unified Capabilities APL certification. Fairfax, VA, January 12, 2012 – Corsec Security, Inc., the leader in FIPS 140-2 and Common Criteria documentation and project management services is announcing the addition of Department of Defense Unified Capabilities Approved Product List (DoD UC APL) certification services in order to provide customers…

Corsec Completes 200th FIPS 140 & Common Criteria Certification for IT Security Vendors

Corsec Security, Inc., the leading provider of FIPS 140-2 and Common Criteria documentation and consulting services, today announced the completion of the 200th certificate they have achieved for IT Security vendors across the globe. Fairfax, VA, July 22, 2010 – Corsec Security, Inc., the leading provider of FIPS 140-2 and Common Criteria documentation and consulting…

Corsec Launches Global Expansion of Unified Capabilities Approved Product List (UC APL) Validation Services

Company Provides Path Towards Successful UC APL Inclusion, Opening United States Department of Defense Market for IT Products Fairfax, VA, February 18, 2014 – Corsec, the world’s leader in providing access to new markets via third party security validations, today announced the global expansion of its Unified Capabilities Approved Product List (UC APL) certification services. Corsec’s…

Heartbleed & Your Security Certification

Much has been in the news over the past couple of months about the security vulnerability known as Heartbleed. It is of vital interest to businesses and consumers, but especially so for businesses with products intended to provide security for their users. There are some specific and unique impacts to companies who are planning or are in the midst…

Maximize ROI: Market Your Certification

Taking the time, effort and resources to achieve FIPS or Common Criteria certification or UC APL listing is a big deal. It’s not an insignificant investment, and when it’s finally completed, you want to see a significant return, right? The most obvious solution is just to sell more product. And while this may seem both simple and obvious, we all know…

Entropy Testing for FIPS and Common Criteria: What You Need to Know

In the world of cryptography, data is only safe as long as the keys used to protect that data are kept secure. While, on one hand, this means that keys must be protected against unauthorized access, it also means that keys must be created in a way that makes them difficult for an attacker to guess. To produce cryptographically strong…

Dispelling FIPS Certification Myths

There are plenty of myths out there about FIPS and what it really takes to achieve validation. During our most recent webinar, “Top 10 Myths about FIPS,” we dispelled some of those myths and gave insight into what it really means to be FIPS validated and how your company can navigate the complicated validation process. Because of the level of detail, time, and cost involved, there…

The First Five Steps in Your FIPS 140-2 Validation

Trying to decide whether to perform a FIPS 140-2 validation on your product? It can actually be a pretty black and white decision. If you want to sell any product containing cryptography to any U.S. government agency or department, then the answer is clear cut: you need a FIPS validation. FIPS 140-2 validation is required for products that contain…

The Last Details on ICMC 2013 and What to Look for Next Year

Is it too late to talk about the International Cryptographic Modules Conference (ICMC)? Well, it really depends on how you look at it. If you were looking for a timely recap of the conference, then yes, I guess it is. But if you missed any of the details, this might be your last chance to catch up. And planning has just begun for next year’s conference…

Technical Communities: Creating Common Criteria Protection Profiles

Who is Defining the Criteria That Your Products Will Need to be Evaluated Against? I have been involved in the Common Criteria (CC) community since the first International Common Criteria Conference (ICCC) in 2000. While I spend a lot of my time down in the weeds of Common Criteria issues, it’s refreshing to look at the Common…

Updates from ICCC Include CCRA Revisions

Some of us from Corsec recently attended the 14th International Common Criteria Conference (ICCC) in Orlando, Florida, and we came away feeling that the Common Criteria (CC) community is finally coming together in many positive ways. After several years of difficult transition into defining the new CC paradigm of collaborative Protection Profiles (cPPs) and international Technical Communities (iTCs),…

Updates from the Joint CCDB/CCUF Workshop

It’s always great to get together with others from our industry to discuss advances and collaborate on moving processes forward for Common Criteria. Last month, several of us had the opportunity to work with colleagues from around the world at two separate events in Orlando, Florida. A group of us spent the first two weeks of September in Orlando, as Corsec sent multiple…

Planning Leads to Smooth Sailing in UC APL Listing: Webinar Recap

Getting your product listed on the DoD UC APL can seem like a Herculean task. We’ve talked before about the ins and outs of the entire listing process, but anyone who has considered any type of IT security validation knows that making the process as efficient as possible is as key as paying attention to the details. Last week, Corsec Co-Founder…

Common Criteria Schemes: Tips for Making the Right Choice

So many decisions, so little time. You’ve heard—and likely experienced—this mantra. And if you read this blog regularly, you’ve probably picked up on the fact that security validations involve making a whole host of decisions. When pursuing Common Criteria certification, one often perplexing, yet critical decision I hear people lament…

But the Rules are Changing!

According to the ancient Greek philosopher Heraclitus, “There is nothing permanent except change.” As anyone following security certifications lately can tell you, there is a lot of truth in this statement. We have entered another period of profound change in security certifications. Putting these changes in the proper context is essential if you wish to…

The True Cost of FIPS 140-2 Validation

The benefits of getting FIPS 140-2 validation for your product shouldn’t be underestimated. Your FIPS 140-2 validation demonstrates your integrity and commitment to providing your customers with compliant security products and systems. But the validation process can be time consuming, complex and is an investment not to be taken lightly. So, while planning…

Why You Need Common Criteria Certification and How to Get There

In the IT security industry, research and development teams continually race to introduce new products, while at the same time, project teams improve upon existing offerings—all scrambling to ensure that the latest versions meet security functional and assurance requirements. The goal is to bring the strongest and most secure…

Webinar Recap: Should You Revalidate or Recertify?

If you have been through the certification or validation process for your security product, I don’t need to tell you that it’s a substantial investment in time, resources and cost. Or that it’s worth that investment when you consider the benefits you’ll realize from your ability to sell into the lucrative government market. We discussed…

You Have Your Validation, Now Use It To Sell

Where is the most money lost in a validation? I know this is a question my customers ask themselves while making a decision on how to achieve validation. A) Is it the consultant? B) Is it in the testing laboratory? C) Is it the scope of the process? I’ll let you in on an insider secret—the correct answer is “none of the above.” You won’t lose big in validations, or in any direct expense…

Starting a Validation—Don’t Make All of Your Decisions up Front

A security validation is a substantial process—getting it started can be daunting. But you don’t need to decide everything up front—in fact, you shouldn’t. There are definitely some important considerations to work through, but there are some decisions you should put off until you are well into the process. If you have been tasked with…

Is There Value in Maintaining Your Security Validation?

Once you have spent the time and money to pursue a security validation, you’re all done, right? Well, not exactly. However, the good news is that it isn’t hard or expensive to maintain your validation. For most security validations, the validation applies to a specific version of hardware and software. At the beginning…

FIPS 140-2 Validated: Top 10 Myths

If you’re thinking about pursuing FIPS 140-2 validation for your system or component, you know the benefits that validation provides. But along with the considerable perks you’ve heard about, there is lots of erroneous information floating around. Unless you do your homework, you may fall into a minefield or two that could result in major setbacks in time and cost.

FIPS 140-2 or FIPS 140-3; Which FIPS Validation Is Right?

This is a very frequently asked question, and we have been fielding questions from clients on how to deal with FIPS 140-3 for years now. But, for years the advice has uniformly been: “Don’t worry about FIPS 140-3; you only need to deal with FIPS 140-2 right now.” But that’s a very unsatisfying answer, especially when there have been folks actively proclaiming “Woe betide ye

Webinar: Moving Through DoD UC APL Testing Efficiently

If you’ve heard of DoD UC APL, you probably have a list of questions. DoD UC APL (which stands for The Department of Defense Unified Capabilities Approved Products List) is a directory of IT security products that have completed both Information Assurance (IA) and Interoperability (IO) testing and certification. Attaining inclusion in the APL can…
