We took a strategic decision early on at Lightship Security to focus our initial Greenlight development efforts on automating the tests specified by the Network Device collaborative Protection Profile (NDcPP). There are two main reasons for this: It is the …
Notable NDcPPv2.1 Changes (from v2.0e)
[March 12, 2019 Update] NDcPPv2.1 has been formally endorsed by NIAP. NDcPPv2.1 is hot off the presses from the Network iTC. It is yet to be officially accepted by NIAP for PCL usage; however, this is probably not too far off, …
Lightship at IAEA Meeting on Cyber Risk in the Nuclear Supply Chain
Lightship Security Director of Consulting, Lachlan Turner, was nominated by the Government of Canada to participate in the International Atomic Energy Agency (IAEA) Technical Meeting on Reducing Cyber Risks in the Supply Chain which was held at IAEA’s Headquarters in …
NIAP TD0321: Protection of NTP communications
Update 2018-Oct-03: This post has been updated with new information from NDcPP v2.1. NIAP has issued Technical Decision TD0321 against the Network Device Collaborative Protection Profile (NDcPPv2.0e) mandating the use of a trusted channel (IPsec, SSH, TLS, DTLS, HTTPS) for NTP (or …
Common Criteria Lab Accreditation
We are excited to announce that Lightship Security is a fully accredited Common Criteria laboratory. Prepare for warp-speed certifications! Contact us to find out how our experienced team uses Greenlight automation and Lightship’s industry-first functional gap assessment methodology to transform your certification experience. …
How to get on the NSA/NIAP Product Compliant List (PCL)
Many vendors seeking to sell hardware or software to the U.S. Government, particularly to defense and intelligence agencies, will find that cyber security product certification is mandated by federal procurement requirements (CNSSP 11) for these environments. We know, because many …
Lightship Security interview with Ottawa Business Journal
Our President Jason Lawlor talks with the Ottawa Business Journal to explain what Lightship Security is all about. Interview topics include: An introduction to Lightship Security… and why the name Lightship? Product certification and Common Criteria overview Certification at the Speed of …
Agile Assurance: Modernizing IT Product Certification
In an agile development model, software is developed in incremental, rapid cycles with the goal of continuous improvement, fast flaw remediation and improved customer experience. Agile models advocate adaptive planning, evolutionary development, early delivery, fast iterations, and rapid response to …
NDcPP – The devil is in the details
In this post, we identify some common problem areas for vendors complying with the Network Device Collaborative Protection Profile (NDcPP). We’ll discuss how Lightship has adjusted to the new reality that every product going against the very prescriptive NDcPP will …
Goodbye TLS_RSA
[Dec 13, 2017 update: The plot thickens… in early December researchers revived a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server – known as The Robot Attack. ROBOT only affects TLS cipher …