In September, Corsec uncovered a policy change that would affect a number of Common Criteria evaluations following this NIAP announcement:\u00a0\u201cPer published NIST notifications, all non-56B-compliant key transport schemes will be disallowed in the U.S. government after 2017.\u201d<\/em><\/p>\n

Corsec immediately began to engage with NIAP, our customer base, our network of testing labs, and contacts within various standards certifying bodies; seeking clarification on the announcement (referred to as \u201cLabgram #106\u201d and \u201cValgram #126\u201d) to determine the impact it would have on our customers and to the industry as a whole.<\/p>\n

Corsec recognized that there were inherent issues with the policy, and presented these concerns to NIAP. After weeks of collaboration, NIAP agreed to rescind the Labgram and on October 31, they made the following official announcement:\u00a0\u201cNIAP has decided that Labgram #106 will be archived and no part of it will be enforced.\u201d<\/em><\/p>\n

As a result, Transport Layer Security (TLS) cipher suites with RSA key agreement\/key transport will continue to be accepted for use within National Security Systems for the foreseeable future (the full text of NIAP\u2019s announcement can be found here<\/a>). This announcement did provide valuable insight into NIAP\u2019s thoughts regarding the use of TLS in National Security Systems. Corsec believes that NIAP will revisit this issue, potentially after updates to NIST Special Publication 800-56 are completed.<\/p>\n

Corsec continuously monitors all industry announcements to ensure that our customers remain informed and advised on all policy and standards changes. If you have concerns about how changes in the industry may affect your existing certification or future certification strategy, please Contact Corsec<\/a>\u00a0for more information.<\/p>\n

You can also stay up to date on news and updates to standards, certifications, and requirements by\u00a0subscribing<\/a>\u00a0to our emails and newsletter, as well as following us on social media:<\/p>\n

 <\/p>\n

<\/a>\u00a0\u00a0\u00a0\u00a0<\/a><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

In September, Corsec uncovered a policy change that would affect a number of Common Criteria evaluations following this NIAP announcement:\u00a0\u201cPer published NIST notifications, all non-56B-compliant key transport schemes will be disallowed in the U.S. government … <\/p>\n

Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":12337,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15,3,91],"tags":[82,87,25,84,133,39],"class_list":["post-12332","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-common-criteria","category-news","category-security","tag-certification-process","tag-industry-updates","tag-common-criteria","tag-entropy","tag-it-security","tag-security-certifications","infinite-scroll-item","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","no-featured-image-padding"],"yoast_head":"\n