Below you'll find a list of all posts that have been categorized as “Certifications”
Vendors with products on NIAP’s Common Criteria Product Compliant List (PCL) may from time-to-time receive a request from NIAP for a mitigation plan addressing a given widespread vulnerability (e.g. Meltdown, Spectre etc.). This is in keeping with NIAP Policy 17 …
The Canadian Centre for Cyber Security recently released its updated Common Criteria (CC) Program Instructions which state that they will consider accepting EAL3 and EAL4 evaluations on a case by case basis. Evaluations were previously restricted to those claiming an …
Product certification providers like Lightship have been relatively insulated from the pace of change that other industries have been forced to adapt to over the past several years. That is no longer the case. Increasingly technical, prescriptive test requirements, product …
If you’ve ever spent any amount of time delving into the world of Common Criteria (CC), you’ve no doubt come across the veritable Roman/biblical hierarchy of relationships between the various components. At times, it would make even Cersei Lannister blush. …
In part 2 of our multi-part Lightship Security video tutorial series geared toward vendors who are new to FIPS 140-2, we discuss the concept of cryptographic boundaries, cryptographic libraries and the design aspects required for FIPS 140-2 compliance. The previously …
[March 14, 2019 update] The NIAP list of TDs is now up to date with NDcPP v2.1 attribution. NIAP announced their endorsement today of version 2.1 of the Network Device collaborative Protection Profile. We’ve previously described the changes in NDcPP v2.1. …
Vendors undertaking a Common Criteria project for the first time are often surprised by the scope and focus of the testing for a Network Devices collaborative Protection Profile (NDcPP) CC evaluation. Lightship’s Technical Director, Greg McLearn often refers to the …
[March 12, 2019 Update] NDcPPv2.1 has been formally endorsed by NIAP. There are 41 products listed on the NIAP PCL that are compliant with the collaborative Protection Profile for Network Devices (NDcPP) v1.0. These PCL listings will all expire within the next …
We took a strategic decision early on at Lightship Security to focus our initial Greenlight development efforts on automating the tests specified by the Network Device collaborative Protection Profile (NDcPP). There are two main reasons for this: It is the …
[March 12, 2019 Update] NDcPPv2.1 has been formally endorsed by NIAP. NDcPPv2.1 is hot off the presses from the Network iTC. It is yet to be officially accepted by NIAP for PCL usage however this is probably not too far off, …
