In part 2 of our multi-part Lightship Security video tutorial series geared toward vendors who are new to FIPS 140-2, we discuss the concept of cryptographic boundaries, cryptographic libraries and the design aspects required for FIPS 140-2 compliance. The previously published part 1 of the series can be found here.
Read More
NIAP announced their endorsement today of version 2.1 of the Network Device collaborative Protection Profile. We’ve previously described the changes in NDcPP v2.1. In this post, we look at which NIAP Technical Decisions (i.e. interpretations / minor edits) will still apply to this new version.
Read More
Vendors undertaking a Common Criteria project for the first time are often surprised by the scope and focus of the testing for a Network Devices collaborative Protection Profile (NDcPP) CC evaluation. Lightship’s Technical Director, Greg McLearn often refers to the testing involved in the NDcPP as “ensuring that the product is a good network citizen”. This is the NDcPP philosophy.
Read More
In this multi-part Lightship Security video tutorial series geared toward vendors who are new to FIPS 140-2, we discuss the “origins” of a cryptographic module and the design requirements for FIPS 140-2 compliance. The tutorial also touches on self-tests and the concept of FIPS 140-2 “modes of operation” including Approved, non-Approved, and Mixed Modes. Stay tuned for further installments.
Read More
Edit 20-March-2019: NIAP published a v1.1 of the Functional Package which addresses many of the item discussed in this blog. The title of the blog is updated and ambiguities previously found are corrected where they’ve been addressed.
NIAP recently released their first, and widely anticipated, modular protection profile package targeting the TLS communication protocol. This package is not meant to stand on its own and is designed to be included within new versions of NIAP protection profiles. While it is unlikely to be explicitly referenced by collaborative Protection Profiles (cPP), the requirements will almost certainly be highly similar.
Read More
December marks the 3-year anniversary of the founding of Lightship. As such, we’ve been taking stock to consider our progress, challenges and future plans.
First the good news. In 2018, Lightship was able to successfully execute on the following:
We took a strategic decision early on at Lightship Security to focus our initial Greenlight development efforts on automating the tests specified by the Network Device collaborative Protection Profile (NDcPP). There are two main reasons for this:
Now, we have automated the testing not only for NDcPP but also several other Protection Profiles by virtue of this SFR re-use. Below we present an analysis of the re-use of NDcPP requirements across NIAP Approved Protection Profiles (all but a few).
As part of our continued commitment to develop innovative certification automation solutions, Lightship Security is pleased to announce that it has received additional development funding from the National Research Council of Canada Industrial Research Assistance Program (NRC IRAP).
The NRC IRAP support will be used by Lightship to provide advanced functionality of our industry first Conformance Automation Platform – Greenlight, specifically to support our growing list of clients with continuous certification readiness through automated functional pre-testing.
NDcPPv2.1 is hot off the presses from the Network iTC. It is yet to be officially accepted by NIAP for PCL usage however this is probably not too far off, perhaps with some minor tweaks (the new NTP SFR being something to watch).
Here are some notes from our initial review:
