U.S. Gov

MONTHLY FED ROUNDUP – NOVEMBER 2017

DISA’s November News DISA conducted their Annual Industry Forecast DISA sponsors the 1st DoD Knowledge Management Summit The “Mercury Spectrum” mobile application is now available for download NIST’s November News Special Publications: Update to Special …

Read more

DoDIN APL

DoD Changes UC APL name to DoDIN APL

The Department of Defense has changed the name of the list it uses for the procurement of IT products to be used over the DoD network infrastructures. Previously names the Unified Capabilities Approved Products List (UC APL), …

Read more

Common Criteria

Version 2 of the NDcPP Is Here

NIAP has endorsed and listed the second version of the Network Device Collaborative Protection Profile (NDcPP) to be used for Common Criteria evaluations in the United States. The use of the Protection Profile is for those …

Read more

blank

Assurance Through Federal Certifications

Shashi Karanam, Corsec’s Senior Certification Consultant, will be speaking on Providing Assurance Through Federal Certifications from FISMA to NIST SP 800-53 Security Controls at this years Certified InfoSec Conference in the Washington DC metro area …

Read more

blank

Pentagon Releases New Security Policies

Last Friday’s DoD Industry Day on Network Penetration Reporting and Contracting for Cloud Services came with a big announcement from the Pentagon’s head of IT – DoD CIO John Zangardi. The Pentagon will begin to hold contractors …

Read more

Common Criteria

Common Criteria NDcPP Version 2 Released

The newest version of the Common Criteria Network Device Collaborative Protection Profile (NDcPP) and Supporting Documents (SD) has been released. Key changes in version 2.0 include: Support for distributed TOEs Updated X509 certificate authentication requirements …

Read more

Corsec-Common-Criteria

Common Criteria Version Update

Common Criteria, the internationally recognized set of guidelines (ISO 15408), which define a common framework for evaluating security features and capabilities of Information Technology security products, has been updated to CC v3.1 Release 5. This new release …

Read more

U.S. Gov

Monthly Fed Roundup – April 2017

DISA’s April News DISA system improves access to video surveillance for intel community NIST’s April News Cryptographic attack cited for the FF3 technique for format-preserving encryption (FPE)Requested Public Comment On: Draft Special Publication (SP) 800-190, Application …

Read more

blank

Cover Your Assets: 3 Ways To Protect Your IP

The cost of Intellectual Property (IP) theft is not one to be taken lightly. From steep financial losses to the irreparable damage to brand perception, IP theft can swiftly and unapologetically dismantle an organization from …

Read more

blank

CMVP Changes to FIPS 140-2

During the recent Cryptographic Module User Forum (CMUF) meeting, CMVP, which oversees FIPS 140-2 validations in the United States and Canada, announced updates and changes to policy for stagnant modules, the historical list, and documentation …

Read more

DoD APL Myths

Dispelling DoDIN APL Listing Myths

The hoops that companies must jump through in order to sell into the Federal government can be difficult to understand and sometimes misleading. As with any government process, misconceptions surrounding what is required begin to …

Read more

U.S. Gov

Monthly Fed Roundup – January 2017

DISA’s January News DISA focuses on Innovation during the Armed Forces Communications and Electronics Association panel NIST’s January News NIST Draft Releases: Draft Special Publication 800-12, Revision 1, An Introduction to Information Security NIST Interagency Reports: …

Read more

blank

Updates to CMVP’s Sunsetting Policy

From the CMVP on their validation Sunsetting Policy: The CMVP is adopting a five year validation sunsetting policy, effective February 1, 2017. The CMVP will move all validation entries with most recent validation dates** prior to February 1, …

Read more

blank

New Guidance On FIPS 140-2 Listings

The Cryptographic Module Validation Program (CMVP), which was established by NIST to validate modules for the Federal Information Processions Standard (FIPS), has announced upcoming policy changes for the Modules In Process (MIP) list and Implementation Under Test …

Read more

blank

Your Security Strategy – Are You At Risk?

$7 Million Dollars – According to a recent study by IBM, that’s the average cost of a security breach. The overall brand damage can be catastrophic, huge financial losses and customer abandonment. Companies like Target and …

Read more

CMUF-Common-Criteria

CMUF Monthly Update: July

Here are the monthly updates for July from the CMUF Members Meeting. Changes to the In Process List: One of the most noteworthy updates is that the CMVP will be splitting the Modules in Process …

Read more

FIPS Inside

FIPS Inside: Is It Right For Me?

Implementing a FIPS 140-2 validation into your product is a great way to strengthen your solution, enhance your brand, and secure your bottom line. When pursuing FIPS, you will be faced with difficult and often confusing …

Read more