DISA Cloud Migration
In 2013, the Defense Informations Systems Agency (DISA) developed an on-premise cloud solution for the DoD – milCloud 1.0. DISA continues to operate and manage this solution, but since its inception, cloud based services have …
Security
DISA Updates Cloud Computing Security
Last week, the Department of Defense (DOD) released an update to the Cloud Computing Security Requirements Guide (CC SRG) through the Chief Information Office and the Defense Information Systems Agency (DISA). This update provides guidance …
Pentagon Increases Spending On Cyber Defense
Defense Secretary Ashton Carter announced that the Pentagon would be spending an additional $900 million in 2017 to enhance cyber defense measures. This comes after last years hack of the Office of Personnel Management (OPM), resulting …
SCAP: New Revision Available
The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) has released the fourth revision of their Internal Report covering SCAP Version 1.2 Validation Program Test Requirements. SCAP or the “Security Content Automation Protocol” is …
OpenSSL Patches: Two New Named Attacks
In addition to the new vulnerabilities identified in January of this year, OpenSSL has once again had to release a slew of patches to correct problematic areas, which could ultimately affect your FIPS validation, Common Criteria …
NIST’s Draft PUB on Entropy and RNG
Last month NIST released a draft publication on sources of Entropy and randomness in protecting sensitive data. The draft “Special Publication 800-90B, Recommendation for the Entropy Sources Used for Random Bit Generation”, is intended to help product vendors …
Medical Devices & Security Guidelines
As cyber security risks continue to grow, a number of industries are starting to take steps to ensure secured protection of products. Health Care has always been an area of concern given the sensitive nature of …
NSA Reorganization
In December of 2015, we heard about the NSA’s proposed reorganization (its biggest in 20 years) and a few of the potential impacts it could have on the agency and industry as a whole. One critical …
Obama Signs Executive Orders
President Obama created two new executive orders on Tuesday: The first, a Commission on Enhancing National Cybersecurity, dedicated to “enhance cybersecurity awareness and protections at all levels of Government, business, and society, to protect privacy, to ensure public safety …
Corsec Attending AFCEA WEST
Corsec will be in San Diego, CA for the annual AFCEA WEST conference. “The premier naval conference and exposition on the West Coast, WEST is now in its 26th year of bringing military and industry …
High Severity OpenSSL Vulnerability
On January 28th, 2016, OpenSSL released a patch to update a high risk vulnerability. It was discovered and reported that prime “files may not be “safe”. Where an application is using DH configured with parameters …
Happy Data Privacy Day
On January 28th; the U.S., Canada, and 47 European countries take time to acknowledge the importance of privacy and data protection best practices. Although this day has its roots in protecting personal data, specifically with …
White House Updates
When the Whitehouse issued its new action plan to prevent security breaches and attacks similar to that of the OPM fiasco, part of the plan was to acknowledge a number of cybersecurity gaps; some of which will ultimately impact …
Corsec Security Has Moved…Again!
In response to client demand, Corsec has recently relocated our global headquarters to Herndon, Virginia. The significantly larger space houses critical infrastructure and a growing staff of tech professionals. The new facility is equipped with …
FIPS 140-2 & Common Criteria Security Certifications
The numbers are in and with our partners help; Corsec has had one of its most successful quarters in company history! And the future looks even more promising. With the rising threat of security breaches in today’s technology landscape, the need for products that can deliver a high degree of trusted protection…
Corsec Security Augments Services to Provide Complete DoDIN APL Solution for Information Security Vendors
Corsec Expands service offering to include DoDIN APL certification. Fairfax, VA, January 12, 2012 – Corsec Security, Inc., the leader in FIPS 140-2 and Common Criteria documentation and project management services is announcing the addition of …
Common Criteria Schemes: Tips for Making the Right Choice
So many decisions, so little time. You’ve heard—and likely experienced—this mantra. And if you read this blog regularly, you’ve probably picked up on the fact that security validations involve making a whole host of decisions. When pursuing Common Criteria certification, one often perplexing, yet critical decision I hear people lament…
The True Cost of FIPS 140-2 Validation
The benefits of getting FIPS 140-2 validation for your product shouldn’t be underestimated. Your FIPS 140-2 validation demonstrates your integrity and commitment to providing your customers with compliant security products and systems. But the validation process can be time consuming, complex and is an investment not to be taken lightly. So, while planning…
Budgeting for Certifications: Avoid Cost Creep
Budgeting for a Common Criteria Certification can be difficult, but it’s not impossible. Understanding how to create your certification budget, and taking the necessary steps to follow through with that budget, can reduce your costs and simplify the certification process. We are frequently asked, “How much does certification cost…