Category Archive

Below you'll find a list of all posts that have been categorized as “Certifications”

NIST 800-90B Input Data Considerations

Greg McLearn March 8, 2021 Certifications, Common Criteria, Entropy, FIPS 140-2, Tools

For the past few years, the Common Criteria program has been mandating entropy analysis for almost all protection profile based evaluations. Since November 2020, NIST 800-90B has also become a mandatory requirement under the FIPS 140-2 and the forthcoming FIPS …

The Role of Cryptographic Algorithm Validations in Common Criteria (CAVP FAQ)

Lachlan Turner February 8, 2021 ACVP, Certifications, Common Criteria, FIPS 140-2, FIPS 140-3

Most CC evaluations performed in North America include cryptographic security claims called out in the target Protection Profile (PP) that is being used. Those requirements are met by obtaining validation certificates from the Cryptographic Algorithm Program (CAVP). The CAVP is …

Improving Product Security Through Protection Profiles

Greg McLearn May 19, 2020 Certifications, Common Criteria

It’s surprising to think that new-style Common Criteria Protection Profiles have been around in some way shape, or form, since late 2010, when the first Network Devices Protection Profile (NDPP) v1.0 was released by the Information Assurance Directorate (IAD) for …

Comparing CAVP and ACVP – Test Harness Implications

Alex Thurston February 10, 2020 ACVP, Certifications, FIPS 140-2

ACVP Test Harness Considerations

What’s New in NDcPP v2.2?

Lachlan Turner February 5, 2020 Certifications, Common Criteria

The Network Device international Technical Community recently (in December 2019) published version 2.2 of the collaborative Protection Profile for Network Devices – aka – NDcPP. The NDcPP is the most often used Common Criteria Protection Profile to achieve listing on …

NIAP Requests for a Mitigation Plan

Lachlan Turner December 11, 2019 Certifications, Common Criteria

Vendors with products on NIAP’s Common Criteria Product Compliant List (PCL) may from time-to-time receive a request from NIAP for a mitigation plan addressing a given widespread vulnerability (e.g. Meltdown, Spectre etc.). This is in keeping with NIAP Policy 17 …

Canada Open for EAL4

Lachlan Turner October 17, 2019 Certifications, Common Criteria, Lightship News

The Canadian Centre for Cyber Security recently released its updated Common Criteria (CC) Program Instructions which state that they will consider accepting EAL3 and EAL4 evaluations on a case by case basis. Evaluations were previously restricted to those claiming an …

Cyber Security Test Lab 2.0

Jason Lawlor July 19, 2019 Certifications, Uncategorized

Product certification providers like Lightship have been relatively insulated from the pace of change that other industries have been forced to adapt to over the past several years. That is no longer the case. Increasingly technical, prescriptive test requirements, product …

game-of-certifications-common-criteria-requirements

Game of Certifications: A Song of Common Criteria Requirements

Alex Thurston May 27, 2019 Certifications, Common Criteria

If you’ve ever spent any amount of time delving into the world of Common Criteria (CC), you’ve no doubt come across the veritable Roman/biblical hierarchy of relationships between the various components. At times, it would make even Cersei Lannister blush. …

Preparing for FIPS Validation Part 2 – Boundaries and Libraries

Jason Lawlor March 15, 2019 Certifications, FIPS 140-2

In part 2 of our multi-part Lightship Security video tutorial series geared toward vendors who are new to FIPS 140-2, we discuss the concept of cryptographic boundaries, cryptographic libraries and the design aspects required for FIPS 140-2 compliance. The previously …

Page 1 of 3
1
2
3
→