ESV Header

Entropy for FIPS and Common Criteria: What Is It?

In the world of cryptography, data is only safe as long as the keys used to protect that data are kept secure. While, on one hand, this means that keys must be protected against unauthorized access, it also means that keys must be created in a way that makes them difficult for an attacker to guess. To produce cryptographically strong…

FIPS 140, CSfC, Common Criteria, UC APL

A Look Back: 2013 for FIPS, Common Criteria and DoDIN APL

The end of the year is a great time to look back at important milestones and use what we’ve learned to plan for the upcoming year. This year, clearing the air where myths and misconceptions were concerned was a theme that we saw come up repeatedly at Corsec, and laying the groundwork for smooth process…

FIPS 140-2, FIPS 140-2 validation, FIPS Validation, FIPS 140-2 process, FIPS Inside, FIPS Compliant

Dispelling FIPS Certification Myths

There are plenty of myths out there about FIPS and what it really takes to achieve validation. During our most recent webinar, “Top 10 Myths about FIPS,” we dispelled some of those myths and gave insight into what it really means to be FIPS validated and how your company can navigate the complicated validation process because of the level of detail, time, and cost involved, there…

FIPS 140-2, FIPS 140-2 validation, FIPS Validation, FIPS 140-2 process, FIPS Inside, FIPS Compliant

Decisions In A FIPS 140-2 Validation

Trying to decide whether to perform a FIPS 140-2 validation on your product? It can actually be a pretty black and white decision. If you want to sell any product containing cryptography to any U.S. government agency or department, then the answer is clear cut: you need a FIPS validation. FIPS 140-2 validation is required for products that contain…

CC-Certification-Common-Criteria-Certification

Understanding Common Criteria Technical Working Groups

I recently had a conversation with a product vendor who was new to the Common Criteria community and it was refreshing to talk about and look at the Common Criteria “machine” from an outside perspective. One of the interesting parts of that machine is the Common Criteria User Forum (CCUF). It provides a voice and communications…

FIPS 140, CSfC, Common Criteria, UC APL

The Last Details on ICMC 2013 and What to Look for Next Year

Is it too late to talk about the International Cryptographic Modules Conference (ICMC)? Well, it really depends on how you look at it. If you were looking for a timely recap of the conference, then yes, I guess it is. But if you missed any of the details, this might be your last chance to catch up. And planning has just begun for next year’s conference…

niap

NIAP’s Targeted Assurance Protection Profiles: Different, Not Less Secure

One way for a product vendor to make sure that a product undergoing a Common Criteria (CC) evaluation is providing expected security functionality is to conform to a Protection Profile (PP) for that product type. PPs outline the appropriate security functionality for a given product type, and are usually…

CC-Certification-Common-Criteria-Certification

Technical Communities: Creating Common Criteria Protection Profiles

Who is Defining the Criteria That Your Products Will Need to be Evaluated Against? I have been involved in the Common Criteria (CC) community since the first International Common Criteria Conference (ICCC) in 2000. While I spend a lot of my time down in the weeds of Common Criteria issues, it’s refreshing to look at the Common…

FIPS 140-2, FIPS 140-2 validation, FIPS Validation, FIPS 140-2 process, FIPS Inside, FIPS Compliant

FIPS Certification Process

I have recently read several online articles questioning what it means for a cryptographic module to be FIPS 140-2 validated. While the FIPS 140-2 validation process is very complicated and replete with regulations, some of the information presented in the articles themselves and the comments made by…

CC-Certification-Common-Criteria-Certification

More from the ICCC: Update on CNSSP #11 and Common Criteria

In my last post, I brought everyone up to speed on some happenings from the recent ICCC Conference in Orlando, including the revised Common Criteria Recognition Arrangement (CCRA) and its implications. There was a great deal of other discussion on various topics of interest, including the subject of collaboration…

blank

U.S. Government Shutdown Impacts FIPS Validations

As you know, the U.S. federal government officially shut down many of its operations. This shutdown directly affects NIST and, as a result, impacts its FIPS validation activities. We are sending you this e-mail to let you know what resources Corsec has available and how this situation will impact your validation efforts.

CC-Certification-Common-Criteria-Certification

Updates from ICCC Include CCRA Revisions

Some of us from Corsec recently attended the 14th International Common Criteria Conference (ICCC) in Orlando, Florida, and we came away feeling that the Common Criteria (CC) community is finally coming together in many positive ways. After several years of difficult transition into defining the new CC paradigm of collaborative Protection Profiles (cPPs) and international Technical Communities (iTCs),…

CC-Certification-Common-Criteria-Certification

Updates from the Joint CCDB/CCUF Workshop

It’s always great to get together with others from our industry to discuss advances and collaborate on moving processes forward for Common Criteria. Last month, several of us had the opportunity to work with colleagues from around the world at two separate events in Orlando, Florida. A group of us spent the first two weeks of September in Orlando, as Corsec sent multiple…

RMF and the DoD's UC APL

Planning Leads to Smooth Sailing in DoDIN APL Listing: Webinar Recap

Getting your product listed on the DoD UC APL can seem like a Herculean task. We’ve talked before about the ins and outs of the entire listing process, but anyone who has considered any type of IT security validation knows that making the process as efficient as possible is as key as paying attention to the details. Last week, Corsec Co-Founder…

Corsec-Common-Criteria

Common Criteria Schemes: Tips for Making the Right Choice

So many decisions, so little time. You’ve heard—and likely experienced—this mantra. And if you read this blog regularly, you’ve probably picked up on the fact that security validations involve making a whole host of decisions. When pursuing Common Criteria certification, one often perplexing, yet critical decision I hear people lament…

FIPS 140, CSfC, Common Criteria, UC APL

CSfC and Your Product Evaluation

We have recently seen an increase in the number of clients who are asking about CSfC and how to get on the CSfC Components List maintained by the National Security Agency (NSA) Information Assurance Directorate (IAD). CSfC is the acronym for the IAD’s Commercial Solutions for Classified program. It’s worth noting…

FIPS 140-2, FIPS 140-2 validation, FIPS Validation, FIPS 140-2 process, FIPS Inside, FIPS Compliant

New FIPS 140-2 IG Update Released: What You Need to Know

In our recent post we talked about the recent changes to Common Criteria, FIPS, and UC APL, and the importance of putting these changes in context for your business. Today we have another change to tell you about. On July 25, CMVP issued an update to the FIPS 140-2 Implementation Guidance(IG). No matter where your module is in the…

FIPS 140, CSfC, Common Criteria, UC APL

Hot Topics for ISO/IEC JTC 1/SC 27’s WG 3: Q & A with Miguel Bañón

Last week, I shared a conversation I had with Miguel Bañón, Convenor of ISO/IEC JTC 1/SC 27’s WG 3 (work group 3), that offered an overview of the current work of the WG 3, as well as some great insight into planned changes in the areas of evaluation, testing and specification for the IT security industry. Today, we’ll…

FIPS 140, CSfC, Common Criteria, UC APL

Q&A with Miguel Bañón: A Look at ISO/IEC JTC 1/SC 27’s WG 3

At Corsec, we have the opportunity to work with many industry insiders, partners, and labs as we help our clients through the security validation process. This provides us with a unique perspective when looking at the changes occurring within the IT security space. One group of particular interest right now is the ISO/IEC JTC 1/SC 27’s WG 3…

FIPS 140, CSfC, Common Criteria, UC APL

But the Rules are Changing!

According to the ancient Greek philosopher Heraclitus, “There is nothing permanent except change.” As anyone following security certifications lately can tell you, there is a lot of truth in this statement. We have entered another …

Read more