Common Criteria | Lightship Security

ESV for Common Criteria

Marina Ibrishimova and Lachlan Turner July 10, 2024Certifications, Common Criteria, Entropy

NIAP recently released Labgram #118 – Entropy Source Validation Certificates. It mandates that ESV certificates must be included as part of the Entropy Assessment Report (EAR) for all products that enter evaluation with NIAP from January 1st, 2025. Effective immediately, vendors may submit EARs that refer to an ESV certificate. This blog post discusses what ESV is, how it relates to Common Criteria under NIAP and the impact of this policy on vendors undertaking evaluations outside of NIAP (e.g. Canada etc.) but seeking NIAP PCL entry.

EUCC Perspectives

Lachlan Turner January 8, 2024Common Criteria

In this post we examine the proposed European Cybersecurity Certification Scheme (EUCC). We’ll cover:

What does the new version of the CC mean for me?

Lachlan Turner June 28, 2023Common Criteria

Short answer: probably not much! For most vendors and users of the CC, things will roll on normally. It will be the national certification schemes, labs and technical communities that must adjust. Long answer: there are some aspects and circumstances …

Entropy in OpenSSL 3.0

Greg McLearn January 23, 2023Common Criteria, Entropy, FIPS 140-3

Vendors are increasingly looking to leverage OpenSSL 3.x as their cryptographic module of choice within their products. At the same time, entropy continues to a be a focus in both FIPS 140-3 and Common Criteria projects. For those transitioning from …

ACVP Vector Test Harness for OSSL 3.x

Jonathan Plata and Greg McLearn October 25, 2022ACVP, Tools

Lightship has released, as open source, an ACVP vector test harness for OpenSSL 3.x. The code can be found in our GitHub repository at https://github.com/lightshipsec/ls-acvp-harness. The README.md contains the current capabilities which we expect to update and maintain. At the …

X.509 CA:FALSE Testing

Kenji Yoshino October 20, 2022Certifications, Common Criteria

Many modern Common Criteria Protection Profiles include X.509 requirements requiring the evaluator to construct a series of certificates designed to verify that a system under test is correctly parsing and validating them. X.509 certificates appear relatively simple on the surface, …

Product Development. What’s Assurance Got To Do With It?

Garrett Nickel April 28, 2021Common Criteria

Observations from a CC newcomer If you’re new to Common Criteria (CC), you might be feeling a little overwhelmed and find yourself wondering if the effort in performing the certification is really worth it. As a newcomer to the industry …

Welcome to the NIAP TLS 1.1 Functional Package

Greg McLearn January 13, 2019Uncategorized

Edit 20-March-2019: NIAP published a v1.1 of the Functional Package which addresses many of the item discussed in this blog. The title of the blog is updated and ambiguities previously found are corrected where they’ve been addressed. NIAP recently released …

Execution and Ambition – Year in Review

Jason Lawlor December 19, 2018Lightship News

December marks the 3-year anniversary of the founding of Lightship. As such, we’ve been taking stock to consider our progress, challenges and future plans. First the good news. In 2018, Lightship was able to successfully execute on the following: Became …

Government of Canada Funding for Greenlight Conformance Test Automation

Jason Lawlor November 20, 2018Common Criteria, Lightship News

As part of our continued commitment to develop innovative certification automation solutions, Lightship Security is pleased to announce that it has received additional development funding from the National Research Council of Canada Industrial Research Assistance Program (NRC IRAP). The NRC …