FIPS 140-2, FIPS 140-2 validation, FIPS Validation, FIPS 140-2 process, FIPS Inside, FIPS Compliant

The True Cost of FIPS 140-2 Validation

The benefits of getting FIPS 140-2 validation for your product shouldn’t be underestimated. Your FIPS 140-2 validation demonstrates your integrity and commitment to providing your customers with compliant security products and systems. But the validation process can be time consuming, complex and is an investment not to be taken lightly. So, while planning…

FIPS 140-2, FIPS 140-2 validation, FIPS Validation, FIPS 140-2 process, FIPS Inside, FIPS Compliant

The FIPS Standard: Do I Revalidate?

In our recent blog post, we talked about the cost and timing you can expect if you pursue FIPS 140-2 revalidation for your product or system. We also touched on five change scenarios that necessitate revalidation. These scenarios were created by the Cryptographic Module Validation Program (CMVP), the same body that published the FIPS standard, which covers…

Corsec-Common-Criteria

Why You Need Common Criteria Certification and How to Get There

In the IT security industry, research and development teams continually race to introduce new products, while at the same time, project teams improve upon existing offerings—all scrambling to ensure that the latest versions meet security functional and assurance requirements. The goal is to bring the strongest and most secure…

Watch A Webinar by Corsec

Webinar Recap: Should You Revalidate or Recertify?

If you have been through the certification or validation process for your security product, I don’t need to tell you that it’s a substantial investment in time, resources and cost. Or that it’s worth that investment when you consider the benefits you’ll realize from your ability to sell into the lucrative government market. We discussed…

blank

Budgeting for Certifications: Avoid Cost Creep

Budgeting for a Common Criteria Certification can be difficult, but it’s not impossible. Understanding how to create your certification budget, and taking the necessary steps to follow through with that budget, can reduce your costs and simplify the certification process. We are frequently asked, “How much does certification cost…

FIPS 140, CSfC, Common Criteria, UC APL

You Have Your Validation, Now Use It To Sell

Where is the most money lost in a validation? I know this is a question my customers ask themselves while making a decision on how to achieve validation. A) Is it the consultant? B) Is it in the testing laboratory? C) Is it the scope of the process? I’ll let you in on an insider secret—the correct answer is “none of the above.” You won’t lose big in validations, or in any direct expense…

Watch A Webinar by Corsec

Highlights from Corsec’s DoDIN APL Webinar: A Glimpse Into What You Missed

Corsec recently presented a webinar called, DoD UC APL Solutions: Dealing with UCCO, STIGS, JITC, the TIC, Army, and DoD Requirements. Judging from the large number of views and inquiries on this, the Department of Defense’s Unified Capabilities Approved Products List (DoD UC APL) is a very hot topic for many vendors, and…

FIPS 140, CSfC, Common Criteria, UC APL

15 Years Teaches You a Lot: 3 Key Points to Remember

At Corsec, we just celebrated our 15th year of business in the security validation consulting industry. As you might imagine, we spent some time reflecting on the changes we have seen in the industry, the customers we have had the pleasure to work with, and the successes and failures we have seen over the years.

There were a few specific things that kept coming up in these discussions—three factors we could identify that predicted success or failure in security validation projects.

Read more

FIPS 140, CSfC, Common Criteria, UC APL

Starting a Validation—Don’t Make All of Your Decisions up Front

A security validation is a substantial process—getting it started can be daunting. But you don’t need to decide everything up front—in fact, you shouldn’t. There are definitely some important considerations to work through, but there are some decisions you should put off until you are well into the process.

Read more

FIPS 140, CSfC, Common Criteria, UC APL

Is There Value in Maintaining Your Security Validation?

Once you have spent the time and money to pursue a security validation, you’re all done, right? Well, not exactly. However, the good news is that it isn’t hard or expensive to maintain your validation.

For most security validations, the validation applies to a specific version of hardware and software. At the beginning of your evaluation you must choose which versions of your product you are taking through the validation process. 

Read more

FIPS 140-2, FIPS 140-2 validation, FIPS Validation, FIPS 140-2 process, FIPS Inside, FIPS Compliant

What You Need to Know about FIPS 140-2, OpenSSL, and the new IG Requirement

You may have heard about the new interpretation of the mandatory requirement in Section 9.5 of the Implementation Guidance (IG) document, a key component of FIPS 140-2 documentation issued by the Cryptographic Module Validation Program (CMVP). This interpretation is causing conflicts with the architecture of the OpenSSL validations and how OpenSSL’s validation applies to customers using their software.

Read more

FIPS 140-2, FIPS 140-2 validation, FIPS Validation, FIPS 140-2 process, FIPS Inside, FIPS Compliant

FIPS 140-2 Validated: Top 10 Myths

If you’re thinking about pursuing FIPS 140-2 validation for your system or component, you know the benefits that validation provides. But along with the considerable perks you’ve heard about, there is lots of erroneous information floating around. Unless you do your homework, you may fall into a minefield or two that could result in major setbacks in time and cost.

FIPS 140-2, FIPS 140-2 validation, FIPS Validation, FIPS 140-2 process, FIPS Inside, FIPS Compliant

Which FIPS Validation Is Right? 140-2 or 140-3?

This is a very frequently asked question, and we have been fielding questions from clients on how to deal with FIPS 140-3 for years now. But, for years the advice has uniformly been: “Don’t worry about FIPS 140-3; you only need to deal with FIPS 140-2 right now.” But that’s a very unsatisfying answer, especially when there have been folks actively proclaiming “Woe betide ye

CC-Certification-Common-Criteria-Certification

CC Certification: Important Factors

Congratulations! You’ve decided to pursue Common Criteria certification for your information technology security product. Now what? The single most important factor that will influence whether your product is certified on schedule is not the product itself; it’s how you manage the certification process. So before you embark…

Watch A Webinar by Corsec

Maximize Your Certification ROI – New Corsec Webinar

Your certification or validation was a significant investment of both time and money for your company. While a certification or validation can be a substantial revenue generator for your company, it will only be so if it keeps up with any changes added to your product.  Over time your product will undoubtedly be enhanced, whether by new features or by bug fixes. Given the care and effort you have invested in your product development strategy, it is critical to also have a product revalidation strategy in order to maintain a validation or certification on your currently available products.

Read more

Watch A Webinar by Corsec

Webinar: Moving Through DoDIN APL Testing Efficiently

If you’ve heard of DoDIN APL, you probably have a list of questions. DoDIN APL (which stands for The Department of Defense Information Network Approved Products List) is a directory of IT security products that have completed both Information Assurance (IA) and Interoperability (IO) testing and certification. Attaining inclusion in the APL can be an avenue to new revenue opportunities, but like anything involving federal approval, it’s not an easy road.

Read more