Full Drive Encryption v2.0 Collaborative Protection Profiles (FDE cPP) Published The Full Drive Encryption (FDE) international Technical Community (iTC) has published version 2.0 of the FDE Encryption Engine (EE) and FDE Authorization Acquisition (AA) cPPs …
DISA’s August News DISA releases its Three-Tiered Approach to Cloud Computing DISA assists DoD cloud service providers with the Cloud Provisional Authorization (PA) process NIST’s August News A release was published on Post-Quantum Cryptography – …
After a great discussion in Japan at the 7th Annual Post-Quantum Crypto Conference (PQCrypto 2016) back in February, NIST has taken the next step and announced they are seeking additional input and comments on their draft proposal for “Post-Quantum Cryptography: Proposed Requirements …
Everyday we rely on technology to ensure continuation of our routine day to day activities. Access to clean drinkable water, open roadways free of congestion and chaos, power to brighten our homes and businesses, and oil …
BlackHat USA is on the horizon and product security enhancement is a huge focal point this year. Modern-day cryptography provides a level of security that was previously unimagined, but how do we ensure that the precautionary …
DISA’s July News DISA receives $9.7M in funds to help the American Warfighter from DOD Rapid Innovation Fund Program DISA PAC has new leadership – Col. Joseph E. Delaney COL Andrew S. McClelland assumes command of …
Implementing a FIPS 140-2 validation into your product is a great way to strengthen your solution, enhance your brand, and secure your bottom line. When pursuing FIPS, you will be faced with difficult and often confusing …
DISA’s June News Lessons Learned from the First DOD Applications Migrated to the Commercial Cloud DISA Vice Director Jack Wilmer speaks on benefits of cloud solutions, including increased speed, agility, and cost savings Big Data …
The Department of Commerce’s National Technical Information Services (NTIS) has announced a few new changes that may very well shake up the way the government uses and shares information. NTIS has announced a new joint …
The General Services Administration (GSA) has announced their intentions to add another SIN to the GSA Schedule 70 – “Highly Adaptive Cybersecurity Services (HACS)”. The new SIN will be broken down into three categories for security services — proactive, …
The Department of Homeland Security (DHS) has approved $1.8 billion in funding to prevent cybersecurity attacks and protect critical infrastructure. The House Appropriations Subcommittee approved the bill last week in order to support the National Protection and …
NIST has released draft Special Publication (SP) 800-184, titled “Guide for Cybersecurity Event Recovery” – This draft is open to public comment until July, 11th, 2016 “The purpose of this document is to support federal agencies …
CMVP has new guidelines which went live last month via the release of Implementation Guidance (G.16). This update will affect product vendors that have not taken proper precautions with project management related to their FIPS 140-2 validations. During …
In 2013, the Defense Informations Systems Agency (DISA) developed an on-premise cloud solution for the DoD – milCloud 1.0. DISA continues to operate and manage this solution, but since its inception, cloud based services have …
Last week, the Department of Defense (DOD) released an update to the Cloud Computing Security Requirements Guide (CC SRG) through the Chief Information Office and the Defense Information Systems Agency (DISA). This update provides guidance …
Defense Secretary Ashton Carter announced that the Pentagon would be spending an additional $900 million in 2017 to enhance cyber defense measures. This comes after last years hack of the Office of Personnel Management (OPM), resulting …
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) has released the fourth revision of their Internal Report covering SCAP Version 1.2 Validation Program Test Requirements. SCAP or the “Security Content Automation Protocol” is …
In addition to the new vulnerabilities identified in January of this year, OpenSSL has once again had to release a slew of patches to correct problematic areas, which could ultimately affect your FIPS validation, Common Criteria …
Last month NIST released a draft publication on sources of Entropy and randomness in protecting sensitive data. The draft “Special Publication 800-90B, Recommendation for the Entropy Sources Used for Random Bit Generation”, is intended to help product vendors …
As cyber security risks continue to grow, a number of industries are starting to take steps to ensure secured protection of products. Health Care has always been an area of concern given the sensitive nature of …