If you ship network devices into environments that care about Common Criteria, the Network Device Collaborative Protection Profile (NDcPP) is the baseline you live with. NDcPP v3.0e has been the approved version since December 2023; the ND iTC is now iterating …
Accelerate Your EU Common Criteria Certification with Lightship Security & Applus+ Laboratories
At Lightship Security, we help leading security product vendors achieve NIAP and EUCC Common Criteria certification quickly and efficiently. As part of Applus+ Laboratories, a global leader in testing, inspection, and certification, we offer a powerful combination of deep technical …
Key Update in NIAP Policy Letter #12: Vendors, Take Note of Core Functionality Requirement
The latest update to NIAP Policy Letter #12 (Update 5) brings a significant change that vendors should be aware of: the inclusion of core functionality as a critical requirement for products undergoing evaluation under NIAP. This new addition places an …
ESV for Common Criteria
NIAP recently released Labgram #118 – Entropy Source Validation Certificates. It mandates that ESV certificates must be included as part of the Entropy Assessment Report (EAR) for all products that enter evaluation with NIAP from January 1st, 2025. Effective immediately, vendors may submit EARs that refer to an ESV certificate. This blog post discusses what ESV is, how it relates to Common Criteria under NIAP and the impact of this policy on vendors undertaking evaluations outside of NIAP (e.g. Canada etc.) but seeking NIAP PCL entry.
EUCC Perspectives
In this post we examine the proposed European Cybersecurity Certification Scheme (EUCC). We’ll cover:
What does the new version of the CC mean for me?
Short answer: probably not much! For most vendors and users of the CC, things will roll on normally. It will be the national certification schemes, labs and technical communities that must adjust. Long answer: there are some aspects and circumstances …
Entropy in OpenSSL 3.0
Vendors are increasingly looking to leverage OpenSSL 3.x as their cryptographic module of choice within their products. At the same time, entropy continues to be a focus in both FIPS 140-3 and Common Criteria projects. For those transitioning from …
ACVP Vector Test Harness for OSSL 3.x
Lightship has released, as open source, an ACVP vector test harness for OpenSSL 3.x. The code can be found in our GitHub repository at https://github.com/lightshipsec/ls-acvp-harness. The README.md contains the current capabilities which we expect to update and maintain. At the …
X.509 CA:FALSE Testing
Many modern Common Criteria Protection Profiles include X.509 requirements requiring the evaluator to construct a series of certificates designed to verify that a system under test is correctly parsing and validating them. X.509 certificates appear relatively simple on the surface, …
Product Development. What’s Assurance Got To Do With It?
Observations from a CC newcomer. If you’re new to Common Criteria (CC), you might be feeling a little overwhelmed and find yourself wondering if the effort in performing the certification is really worth it. As a newcomer to the industry …