Below you'll find a list of all posts that have been categorized as “Certifications”
Many modern Common Criteria Protection Profiles include X.509 requirements requiring the evaluator to construct a series of certificates designed to verify that a system under test is correctly parsing and validating them. X.509 certificates appear relatively simple on the surface, …
For the past few years, the Common Criteria program has been mandating entropy analysis for almost all protection profile based evaluations. Since November 2020, NIST 800-90B has also become a mandatory requirement under the FIPS 140-2 and the forthcoming FIPS …
[Updated July 6, 2021 – NIAP requires exact match CPU specs in CAVP certificates] Most CC evaluations performed in North America include cryptographic security claims called out in the target Protection Profile (PP) that is being used. Those requirements are …
It’s surprising to think that new-style Common Criteria Protection Profiles have been around in some way shape, or form, since late 2010, when the first Network Devices Protection Profile (NDPP) v1.0 was released by the Information Assurance Directorate (IAD) for …
ACVP Test Harness Considerations
The Network Device international Technical Community recently (in December 2019) published version 2.2 of the collaborative Protection Profile for Network Devices – aka – NDcPP. The NDcPP is the most often used Common Criteria Protection Profile to achieve listing on …
Vendors with products on NIAP’s Common Criteria Product Compliant List (PCL) may from time-to-time receive a request from NIAP for a mitigation plan addressing a given widespread vulnerability (e.g. Meltdown, Spectre etc.). This is in keeping with NIAP Policy 17 …
The Canadian Centre for Cyber Security recently released its updated Common Criteria (CC) Program Instructions which state that they will consider accepting EAL3 and EAL4 evaluations on a case by case basis. Evaluations were previously restricted to those claiming an …
Product certification providers like Lightship have been relatively insulated from the pace of change that other industries have been forced to adapt to over the past several years. That is no longer the case. Increasingly technical, prescriptive test requirements, product …
If you’ve ever spent any amount of time delving into the world of Common Criteria (CC), you’ve no doubt come across the veritable Roman/biblical hierarchy of relationships between the various components. At times, it would make even Cersei Lannister blush. …
