Cloud-Computing

DISA Updates Cloud Computing Security

Last week, the Department of Defense (DOD) released an update to the Cloud Computing Security Requirements Guide (CC SRG) through the Chief Information Office and the Defense Information Systems Agency (DISA). This update provides guidance …

Read more

niap

NIAP archives Products with Outdated RNG

NIAP, the governing body over Common Criteria in the U.S., announced last week that it would be removing products from their Product Compliant List (PCL) that do not meet new Random Number Generator (RNG) requirements.  This …

Read more

FIPS 140, CSfC, Common Criteria, UC APL

NIST’s Draft PUB on Entropy and RNG

Last month NIST released a draft publication on sources of Entropy and randomness in protecting sensitive data. The draft “Special Publication 800-90B, Recommendation for the Entropy Sources Used for Random Bit Generation”, is intended to help product vendors …

Read more

CC-Certification-Common-Criteria-Certification

NSA Reorganization

In December of 2015, we heard about the NSA’s proposed reorganization (its biggest in 20 years) and a few of the potential impacts it could have on the agency and industry as a whole.  One critical …

Read more

Whitehouse

Obama Signs Executive Orders

President Obama created two new executive orders on Tuesday: The first, a Commission on Enhancing National Cybersecurity, dedicated to “enhance cybersecurity awareness and protections at all levels of Government, business, and society, to protect privacy, to ensure public safety …

Read more

Crypt-Library

High Severity OpenSSL Vulnerability

On January 28th, 2016, OpenSSL released a patch to update a high risk vulnerability.  It was discovered and reported that prime “files may not be “safe”.  Where an application is using DH configured with parameters …

Read more

CMVP

CMVP Has Begun Archiving!

As previously mentioned, CMVP announced that all FIPS 140-2 validations that use Random Number Generators (RNG), as well as certifications that use both the NIST 800-90A DRBG and RNG will be required to re-validate, otherwise, they will …

Read more

Whitehouse

White House Updates

When the Whitehouse issued its new action plan to prevent security breaches and attacks similar to that of the OPM fiasco, part of the plan was to acknowledge a number of cybersecurity gaps; some of which will ultimately impact …

Read more

OpenSSL-FIPS-Compliance

FIPS Compliance and OpenSSL

Product vendors often rely on OpenSSL to meet FIPS requirements. However, with the new CMVP requirements and regulations, vendors using certain versions of the OpenSSL cryptographic library to meet FIPS 140-2 requirements are in jeopardy …

Read more

Binary

Sunsetting of FIPS 140-2 Products

Over 1,500 FIPS 140-2 validated products will be facing archival by CMVP by 2017. Recently, CMVP, the governing body which oversees FIPS 140-2 validations, laid out guidelines and new regulations for validations in two distinct areas: …

Read more

iccc-logo

Changes in Common Criteria and Product Advocacy

As companies look to their 2016 sales objectives, the allure of the FED and it’s $70 billion budget, as well as emerging markets for healthcare, finance, critical infrastructure and the Internet of Things (IoT) is …

Read more

RMF and the DoD's UC APL

RMF: Is It Replacing the DoDIN APL and other Security Certifications?

As companies tap into the growing addressable markets for Commercial and FED, they are confronted with a litany of standards, acronyms and security validations they must overcome in order to stay relevant. The list is daunting, and making sense of this has been our singular focus for the past 18 years. In that time, we…

How-Heartbleed-Affects-Your-Security-Certifications

How Heartbleed Affects Your Security Certifications

Much has been in the news over the past couple of months about the security vulnerability known as Heartbleed. It is of vital interest to businesses and consumers, but especially so for businesses with products intended to provide security for their users. There are some specific and unique impacts to companies who are planning or are in the midst…

FIPS 140, CSfC, Common Criteria, UC APL

A Look Back: 2013 for FIPS, Common Criteria and DoDIN APL

The end of the year is a great time to look back at important milestones and use what we’ve learned to plan for the upcoming year. This year, clearing the air where myths and misconceptions were concerned was a theme that we saw come up repeatedly at Corsec, and laying the groundwork for smooth process…

FIPS 140, CSfC, Common Criteria, UC APL

The Last Details on ICMC 2013 and What to Look for Next Year

Is it too late to talk about the International Cryptographic Modules Conference (ICMC)? Well, it really depends on how you look at it. If you were looking for a timely recap of the conference, then yes, I guess it is. But if you missed any of the details, this might be your last chance to catch up. And planning has just begun for next year’s conference…