FIPS 140-2 Archives - Page 10 of 10 - Corsec Security, Inc.®

FIPS 140-2 & Common Criteria Security Certifications

4th February 20201st May 2015

The numbers are in and with our partners help; Corsec has had one of its most successful quarters in company history! And the future looks even more promising. With the rising threat of security breaches in today’s technology landscape, the need for products that can deliver a high degree of trusted protection…

Corsec Announces FIPS 140-2 Validation for Comtech EF Data Corp.

4th February 20209th September 2014

Corsec Helps Provide a Path to Successful FIPS 140-2 Certification, Opening Government, Military and Secure Commercial Networks Markets for IT Security Products Fairfax, VA, September 10, 2014 – Corsec, the world’s leading validation solutions provider, …

Entropy Testing: Tips for Meeting Requirements

9th November 202316th January 2014

In the second post of our two-part series, we continue our discussion with panelists from Computer Sciences Corporation: Lachlan Turner, Jason Cunningham, and Maureen Barry. Continuing where we left off with last week’s post, we’ll dive deeper into entropy and answer some of the many questions now arising…

Entropy for FIPS and Common Criteria: What Is It?

9th November 20239th January 2014

In the world of cryptography, data is only safe as long as the keys used to protect that data are kept secure. While, on one hand, this means that keys must be protected against unauthorized access, it also means that keys must be created in a way that makes them difficult for an attacker to guess. To produce cryptographically strong…

Dispelling FIPS Certification Myths

21st July 20176th December 2013

There are plenty of myths out there about FIPS and what it really takes to achieve validation. During our most recent webinar, “Top 10 Myths about FIPS,” we dispelled some of those myths and gave insight into what it really means to be FIPS validated and how your company can navigate the complicated validation process because of the level of detail, time, and cost involved, there…

Decisions In A FIPS 140-2 Validation

2nd August 201827th November 2013

Trying to decide whether to perform a FIPS 140-2 validation on your product? It can actually be a pretty black and white decision. If you want to sell any product containing cryptography to any U.S. government agency or department, then the answer is clear cut: you need a FIPS validation. FIPS 140-2 validation is required for products that contain…

FIPS Certification Process

30th September 202424th October 2013

I have recently read several online articles questioning what it means for a cryptographic module to be FIPS 140-2 validated. While the FIPS 140-2 validation process is very complicated and replete with regulations, some of the information presented in the articles themselves and the comments made by…

CSfC and Your Product Evaluation

15th July 202222nd August 2013

We have recently seen an increase in the number of clients who are asking about CSfC and how to get on the CSfC Components List maintained by the National Security Agency (NSA) Information Assurance Directorate (IAD). CSfC is the acronym for the IAD’s Commercial Solutions for Classified program. It’s worth noting…

The True Cost of FIPS 140-2 Validation

17th October 201711th July 2013

The benefits of getting FIPS 140-2 validation for your product shouldn’t be underestimated. Your FIPS 140-2 validation demonstrates your integrity and commitment to providing your customers with compliant security products and systems. But the validation process can be time consuming, complex and is an investment not to be taken lightly. So, while planning…

Budgeting for Certifications: Avoid Cost Creep

10th January 201830th May 2013

Budgeting for a Common Criteria Certification can be difficult, but it’s not impossible. Understanding how to create your certification budget, and taking the necessary steps to follow through with that budget, can reduce your costs and simplify the certification process. We are frequently asked, “How much does certification cost…

What You Need to Know about FIPS 140-2, OpenSSL, and the new IG Requirement

27th August 20155th March 2013

You may have heard about the new interpretation of the mandatory requirement in Section 9.5 of the Implementation Guidance (IG) document, a key component of FIPS 140-2 documentation issued by the Cryptographic Module Validation Program (CMVP). This interpretation is causing conflicts with the architecture of the OpenSSL validations and how OpenSSL’s validation applies to customers using their software.

Which FIPS Validation Is Right? 140-2 or 140-3?

27th July 202110th December 2012

This is a very frequently asked question, and we have been fielding questions from clients on how to deal with FIPS 140-3 for years now. But, for years the advice has uniformly been: “Don’t worry about FIPS 140-3; you only need to deal with FIPS 140-2 right now.” But that’s a very unsatisfying answer, especially when there have been folks actively proclaiming “Woe betide ye