Blog Post Categories
atsec information security | Common Criteria | Conferences | Cyber Security
Cryptographic Algorithms | Entropy Source Validation | FIPS 140-3 | ICCC | ICMC
Information Security | Medical Devices | News | Newsletter | PCI | April Fools
If you’re looking for an older post and can’t find it here, it can likely be found on our old blog.
Below are our blog posts, from newest to oldest.
-
SESIP is an important standard for IoT security, and atsec is now an approved laboratory for SESIP assessments.
-
We enjoyed seeing our colleagues at ICMC24, and have updated this year’s animation with Stephan’s opening remarks.
-
The NCCoE presented an update for the Automated CMVP at ICMC 2024 – we have a bit more detail on atsec’s involvement!
-
ICMC 2024 is here, and it’s packed with excellent sessions on PQC, AMVP, and more. See you there!
-
Dr. Yi Mao speaks with TopCyberPro host Jim West about the Common Criteria, FIPS, and more.
-
atsec’s Yan Liu and Guohua Shen will present at the 2024 PCI SSC 2024 Asia-Pacific Community Meeting on the PCI DSS and ISO/IEC 27001:2002.
-
atsec’s Certification Body has issued its first Common Criteria certificates!
-
With the arrival of the first post-quantum cryptographic algorithms, atsec is ready to provide testing services for them.
-
atsec selected as a PCI Global Executive Assessor Roundtable member for the 2024-2026 term.
-
As a Swift CSP Assessment Provider, atsec can assess compliance with CSP mandatory and advisory controls.
-
Looking back on 25 years of cybersecurity excellence, and looking forward to more.
-
atsec participates in NIST’s SP800-140Br1 Pilot Program.
-
atsec has become an official GSMA member. The GSMA represents the interests of mobile operators worldwide, uniting more than 750 operators with almost 400 companies in the broader mobile ecosystem, including handset and device makers, software companies, equipment providers and internet companies, as well as organizations in adjacent industry sectors. atsec is a GSMA appointed…
-
Entropy Assessment Reports will soon require a NIST Entropy Source Validation certificate – are you ready?
-
The German Federal Office for Information Security approved the use of new Security Assurance Specifications for BSI 5G NESAS.
-
Please enjoy our quick primer on CMVP, CAVP and ESV testing.
-
The European Union Agency for Cybersecurity hosted a Cybersecurity Certification Conference – here are the key takeaways.
-
atsec information security has been qualified by the FIDO Alliance as one of the FIDO Accredited Security Laboratories to evaluate the authenticator products.
-
atsec Sweden has been approved as an IEEE Authorized Testing Facility – we can now test medical devices according to the IEEE 2621 standard!
-
We’ve got a fresh new name and a fresh new direction!
-
A new deterministic random bit generator has been published: the XDRBG.
-
atsec information security hosted a free day-long hybrid event on the Concordia University campus in Austin, TX.
-
Happy Valentine’s Day to our customers, our partners, colleagues and communities around the world that we work with.
-
It’s atsec’s 24th birthday! Thanks to all our customers, partners, and colleagues.
-
Along with the sole use of Kyber KEM, a hybrid mechanism using X25519 can act as a replacement for Kyber KEM.
-
Wishing everyone a merry Christmas and happy New Year!
-
NIST has published first drafts for three Dilithium and Kyber standards.
-
atsec attended the 2023 PCI Asia-Pacific Community Meeting and presented on PIN security.
-
atsec is attending ICCC once again – hope to see you at our booth or one of our sessions!
-
The IEEE established a Medical Cybersecurity Certification Program, and atsec is the first IEEE recognized testing lab!
-
We’re headed off to ICMC23, and we can’t wait to see everyone there!
-
AI is becoming increasingly prevalent and powerful – how is atsec planning to use it?
-
Intel’s Digital Random Number Generator, used in many of its processors, receives an ESV certificate.
-
atsec obtained the first validation for a post-quantum cryptographic algorithm using the ACVP.
-
With IoT devices now integral to our lives, how will we protect the data they collect from cyber criminals?
-
The Confidential Evaluation of Software Trustworthiness research project has been completed!
-
The Omnisecure conference focused on how to handle classified information, and atsec attended to present and learn!
-
While many have been impacted by the MOVEit vulnerability, atsec is unaffected.
-
atsec recently attended two conferences focused on upcoming EU cybersecurity regulations.
-
atsec is embracing the future.
-
atsec was excited to attend the in-person Security Summit in Italy, which featured amazing cybersecurity talks.
-
A new version of the Common Criteria has arrived – are you prepared?
-
atsec is now officially accredited as a certification body by SWEDAC!
-
atsec information security wishes all women a wonderful International Women’s Day.
-
The NSA released the Commercial National Security Algorithm Suite 2.0, detailing future quantum resistant algorithm requirements.
-
atsec information security wishes everyone a Happy Valentine’s Day!
-
A sign of success!
-
Saying farewell to one of our own.
-
Happy Chinese New Year!
-
Another year in the bag.
-
The first certificates tested under the new FIPS 140-3 standard have been published!
-
ICCC was back in person, and better than ever!
-
-
We want to draw your attention to the following publication issued by the German Federal Office for Information Security (BSI): https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/221005_Apple_Sicherheitsfunktionen.html In a nutshell for the non-German readers, the article states that Apple has agreed to an independent evaluation of the core security functions of iOS and iPadOS by BSI. This evaluation has been conducted according…
-
The 21st International Common Criteria Conference (ICCC 2022) will be held from November 15 to 17, 2022, in Toledo, Spain. As always, atsec information security looks forward to opportunities for networking and exchanging ideas with our peers in Common Criteria and in the IT security community alike. After two years of virtual conferences, we are…
-
As one of the first companies in Germany, atsec has become a certified evaluation laboratory in the German Network Equipment Security Assurance Scheme Cybersecurity Certification Scheme – German Implementation (NESAS CCS-GI) scheme maintained by BSI (Bundesamt für Sicherheit in der Informationstechnik). This certification scheme is based on the Groupe Speciale Mobile Association (GSMA) NESAS, in…
-
On September 15, 2022, the EU Commission presented a proposal for a new Cyber Resilience Act to protect consumers and businesses from products with inadequate security features. This EU legislation introduces mandatory cybersecurity requirements for products with digital elements, throughout their whole lifecycle. The EU legislation will impose: The proposed regulation will apply to all…
-
The 10th International Cryptographic Module Conference (ICMC) was held from September 14th to 16th 2022, at the Westin Arlington Gateway in the Washington, D.C. area. Yi Mao, Managing Director for atsec information security, wrote the welcome letter in this year’s program: “Dear ICMC 2022 Participants, A very warm welcome to the tentth annual ICMC! In…
-
Stephan Müller’s presentation at the 2022 ICMC.
-
Sal La Pietra, the President and co-founder of atsec information security (atsec), opened the tenth annual International Cryptographic Module Conference this morning at Westin Arlington Gateway in the Washington D.C. area.
-
All components comprising a software product are ultimately the responsibility of the developer of that product, even if one or more of those components is supplied by a third party. This is especially true when the product is evaluated for Common Criteria (CC) certification. Recently, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security…
-
atsec China is pleased to announce that atsec has become one of the PCI Global Executive Assessor Roundtable (GEAR) members for the 2022-2024 term. atsec China has joined in PCI GEAR since 2018 during its initial establishment. In 2022, atsec China is one of 27 organizations to join the PCI GEAR in its efforts to…
-
It is a different kind of blog entry, not about technical expertise or atsec’s latest achievement.It is a 32-minute clip ending with atsec as a sponsor and detailingClarice Assad’s Residence Workshop with Austin Classical Guitar Society (ACGS): https://www.youtube.com/watch?v=aeaNM-bIh-M I had the opportunity to meet with Matthew Hinsley, Executive Director, and Joe Williams, Artistic Director of…
-
atsec China (“atsec” for short in this article) has completed the training and examination on “PCI DSS QSA Version 4 Transition” provided by the Payment Card Industry Security Standards Council (PCI SSC) and became one of the first Qualified Security Assessors (QSA) companies globally to perform the assessment according to the new version of the…
-
Many of us who have been in the evaluation and certification (validation) business have seen the development, not only of security requirements and schemes, but also how the “security echo system” works. A few weeks ago, I was generously given the opportunity to share some ideas at the EU CSA conference in Brussels. Here is…
-
(“Information Security and Cryptography” in Chinese Calligraphy) In this article, we provide an up-to-date overview regarding IT security standards as well as the current situation of IT security testing and certification in China. It also covers the topics related to security assessment and compliance in the financial industry. Security standards are established to support organizations…
-
At atsec, quality and security are more than just words – they encompass everything we do and are deeply embedded in our four principles: We know the businessWe act with integrityWe stay focusedWe are independent Management is committed to the implementation and improvement of an integrated Management System. Every atsec colleague is committed to providing…
-
atsec attended the 20th International Conference on Applied Cryptography and Network Security (ACNS)
Last week, employees from atsec Germany and atsec Italy attended the 20th International Conference on Applied Cryptography and Network Security (ACNS) in Rome, Italy. As the name implies, ACNS highlights academic and industry research in the areas of applied cryptography and network security. Accepted papers are published in Springer’s Lecture Notes in Computer Science series,…
-
atsec has recently participated in two conferences that focused on cybersecurity certification: the 2022 International Conference on the EU Cybersecurity Act in Brussels, Belgium, and ENISA Cybersecurity Certification Conference 2022 in Athens, Greece. atsec contributed with two presentations at the EU Cybersecurity Conference “Successful cPP Certification under the CSA,” presented by Rasma Araby, and “A…
-
After two years of video conferences, we were finally able to meet stakeholders of our community again in person as three representatives of atsec Germany attended the Omnisecure conference from June 21st through 23rd 2022 in Berlin. The Omnisecure conference has a clear focus on the German market with a strong presence of the Bundesamt…
-
atsec is excited to have been invited to the virtual kick-off meeting for the “Automation of the NIST Cryptographic Module Validation Program” at the National Cybersecurity Center of Excellence (NCCoE). The National Institute for Standards and Technology (NIST) organized the kick-off meeting on June 1st of, 2022. It started with an introduction by NIST, followed…
-
atsec wishes all mothers and grandmothers a wonderful and happy Mother’s Day!
-
NIST plans to offer a separate validation program apart from FIPS 140 to cover entropy sources: the ESV (Entropy Source Validation) program (hereafter ESVP). As part of the new validation effort, NIST recently launched an automated system to upload the required information in a structured manner: the Entropy Source Validation (ESV) server. The protocol to…
-
We are excited to announce that atsec information security has become the first IT Security Lab that has been accredited as a testing lab for the Metaverse. IT Security in virtual environments is as important as in the real world. While in the real world there are a lot of security mechanism already in place…
-
From Archimedes to the bright minds of our time, atsec would like to thank all the mathematicians contributing to making our world more secure.
-
atsec information security wishes all women – colleagues, customers, suppliers, and partners – a wonderful International Women’s Day. atsec highly values your contribution and praises your outstandingachievements in information security.
-
FIPS 140-3 has a more detailed set of submission scenarios than FIPS 140-2. It can be daunting to find the right scenario for your situation. The flow diagram below provides an overview and helps to explain the different scenarios. More information can be found in the FIPS 140-3 Management Manual. The Management Manual is currently…
-
atsec information security wishes all colleagues, customers, suppliers, and partners a Happy Valentine’s Day filled with joy, happiness, and security!
-
Our colleague Quentin Gouchet, together with Eric Järpe, authored an article on distinguishing encrypted from non-encrypted data. We invite you to read the article here. Introduction:The discrimination of encrypted data from other kinds of data is of interest in many areas of application. For instance for making other applications work for the communication traffic in…
-
A big hug to you all. Happy Birthday! “atsec is a big hug to the whole team represented in the at-sign @ of our logo!” audaces fortuna juvat “An idea is nothing more or less than a new combination of old elements,” James Webb. atsec, is: “A new idea based on old concepts.” When atsec…
-
This year the motto for our Holiday greeting is “Bridges”, as it symbolizes much of what we do in our daily work. We bridge the difficult terrain of international and national standards between vendors and government agencies, so both parties can reach their respective goals. We bridge the gaps in knowledge by constantly training our…
-
I’ve been with atsec for more than two years, and I am happy to be on board. But when I joined, I had some concerns. Coming from companies with thousands of employees and revenues in the billions, joining a company with less than one hundred employees worldwide and a few digits less in revenue felt…
-
atsec participated in ICCC 2021 from October 19th to 20th, which was held as a fully virtualized conference the second year in a row due to the worldwide pandemic. While we appreciate to have the opportunity to exchange new information as well as give and receive presentations in our domain, we cannot deny that we…
-
A few days ago, I returned from my first business trip in months. I didn’t travel because I had to, but because I decided that it would be better to be on-site instead of handling the project remotely. And we are handling a lot of projects remotely at the moment. But for this project it…
-
Please enjoy this year’s animation from Yi Mao’s opening presentation at the 2021 International Cryptographic Module Conference (ICMC). We also invite you to watch a recording of Yi Mao’s welcome address for the ICMC:
-
We invite you to watch this presentation by Richard Fant on Sample Size in SP800-90B.
-
While the home office has become a normality for many IT companies and operations during the pandemic, the requirements for security evaluation, certifications, accreditations, and other approvals have remained constant. Site visits at the development sites are required to achieve the approval of certification and accreditation. How could this be accomplished when developers, auditors, and…
-
atsec China has been qualified by PCI SSC (Payment Card Industry Security Standards Council) as a Card Production Security Assessor (CPSA) Company to validate an entity’s adherence to the PCI Card Production and Provisioning Logical Security and Physical Security Requirements (two separate security standards). Currently atsec provides the PCI Card Production Logical Security and Physical…
-
Some reflections on security assurance, how it can be achieved and verified, from the view of an evaluation lab. Security assurance is usually hard to grasp and sometimes we have seen there is the misconception how it can be achieved. One of the early milestones in understanding assurance came with the vulnerability analysis of Multics…
-
When atsec was about to be founded, one of the first questions the founders (a German, an Italian, and a Swede) had was which name would best represent the company’s approach to information security, but more importantly, whether the domain would be available. Here is the list of all the available domain names in December…
-
The two most repeated terms at the NIST Entropy Workshop held on April 27-29 are “mathematical model” and “justification.” That brought me back to my college days at Peking University where I first studied Mathematical Logic. Logic is all about valid rules of inference. Mathematical logic applies the techniques of formal logic to mathematics and mathematical reasoning, and applies…
-
Washington, DC—A new cybersecurity initiative dubbed PAWS (Puppy Assisted Warning Systems) has been introduced today by the US Department of Defense (DoD) to combat and deter the rising threat of cybersecurity attacks from countries who have vested interests to undermine US IT infrastructure and businesses. The 1.7 trillion dollar program will be entirely self-funded through…
-
Celebrating International Women’s Day 2021!
-
by Marcos Portnoi, Stephan Mueller, and Viktoria Meyerhoff In 2018, the Internet Engineering Task Force (IETF) published RFC 8446, “Transport Layer Security (TLS) Protocol Version 1.3”, a new standard for the latest version of TLS. TLS is the successor of SSL (Secure Sockets Layer), which was developed by Netscape in 1995. In 2020, the Cryptographic…
-
by King Ables The attack on the SolarWinds network management platform Orion allowed a bad actor to inject malware into the product prior to it being signed and deployed to customers during a regular software update. This highlights a largely underappreciated but universal truth of the Internet age–almost all businesses depend on a software supply…
-
The GSMA (Global System for Mobile Communications) organization recognizes atsec’s ISO/IEC 17025 accreditation that now allows network product evaluations against NESAS Security Assurance Specifications (SCAS). The NESAS scheme is a collaboration and jointly led by 3GPP and the GSMA, and is open to all vendors of network equipment products that support 3GPP defined functions. NESAS…
-
Today atsec celebrates its 21st Birthday! We can finally get a pilot license, gamble at the casino and we won’t be mad when we get carded at the ICMC! We are happy to look back on more than two interesting decades and would like to thank our customers, the government agencies, our colleagues and friends…
-
Our colleagues from around the world wish you Happy and Healthy Holidays and a good start into 2021.
-
by Richard Fant Figure 1: e-Passports issued by different countries In today’s climate of COVID-19, domestic travel has become difficult, and international travel almost impossible. Many US airlines now require their passengers to submit to a COVID-19 test within 24-48 hours prior to travel to prove the traveler is not currently infected. Some countries have…
-
atsec participated in ICCC 2020 from November 16th through 18th, which for the first time had to be held fully virtualized due to the worldwide pandemic. The ICCC used the same conference platform as for the ICMC 2020. In addition to attending the ICCC 2020, a number of atsec consultants joined the virtual CCUF Workshop…
-
It has become an atsec tradition to produce an animation with an FIPS-relevant topic for the ICMC. This year it has the transition from FIPS 140-2 to FIPS 140-3 as the subject – with a personal touch. Yi Mao presented the animation during her opening speech at the virtual ICMC 2020.
-
by Swapneela Unkule NIST SP 800-56A provides recommendations for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography. Diffie-Hellman (DH), Elliptic Curve DH (ECDH) and Menezes-Qu-Vanstone (MQV) key-agreement schemes are specified in this standard. These Key-Agreement Schemes (KAS) are widely used in network protocols such as TLS. The SP 800-56A has been revised twice since its initial…
-
It was the beginning of January when I first heard about the new virus causing severe flu-like symptoms, such as upper respiratory infection, spreading throughout China. I started to worry about our China team. Nevertheless, we continued to plan for the global celebration of atsec’s 20th anniversary, assuming the virus would go away by Spring.…
-
With the sunset of the Cryptographic Algorithm Validation System (CAVS) at end of June 2020, algorithm testing for NIST and NIAP validations and evaluations must now be performed using the Automated Cryptographic Validation Testing System (ACVTS). The list of issued CAVP certificates using ACVTS (i.e. the certificates prefixed with “A”) illustrates that atsec is clearly…
-
Dear CAVS Tool, We want to congratulate you on years and years of dedicated service. Without you, algorithm testing would not have been what it is today, and we salute you for staying with us for so long. On June 30th you will finally get your well-deserved retirement. Rumors are you will relocate to a…
-
One of the rewards of working in the evaluation and testing business is to see our customers succeed and show the results of their efforts. We are always happy to work with organizations who are committed to IT security and want to improve their products and processes for the benefit of their customers. In that…
-
by Richard FantThe RiseMD5 (message digest version 5) was developed in 1991 and is still very popular today, with a wide range of commercial and government applications. MD5 is used to generate hash values of passwords stored on a system as opposed to storing the passwords in plain text. This password protection method was used…
-
atsec China has been qualified by the PCI SSC (Payment Card Industry Security Standards Council) as a Secure Software Lifecycle (SLC) Assessor and Secure Software Assessor company under the PCI Software Security Framework (SSF) program to evaluate a vendor’s software lifecycle and/or validate a vendor’s payment software. The PCI SSF is a collection of standards…
-
According to sources in the DPA (Data Protection Agency) new guidelines will be issued soon that will make digital trash separation mandatory. Every year an estimated 240 zettabytes of re-usable bits are thrown into desktop trash cans. The new guidelines require operating system manufacturers to implement a recycling bin next to the trash can on…
-
by Richard Fant Meltdown Attack: 2 years laterIn February 2017, independent security researchers discovered a catastrophic security flaw in the cache design for processors developed by Intel Corporation. After embargoing the information for almost a year while working on a fix, Intel publicly announced in January 2018 the security flaw known as the Meltdown Attack.…
-
Happy International Women’s Day to all our wonderful atsec colleagues in Europe, US and Asia.
-
by Andreas Fabis When we talk to our customers about FIPS 140-2 testing some questions regarding certificate maintenance frequently come up: There are many factors that can lead to module or platform changes: technical, business and marketing, to name a few. Navigating the rules and options of FIPS 140-2 re-certification can be challenging, and currently…
-
During the period of the novel coronavirus (COVID-19) outbreak in China, I, and many others, have cancelled parties with family, friends and colleagues—even during the traditional Chinese Lunar New Year. We have also decided to work remotely with atsec colleagues, customers, and partners. This gave me more time to think and learn, and I wanted…
-
atsec is happy to announce that we are now a licensed Conformity Assessment Body (CAB) under Electronic Identification, Authentication and Trust Services (eIDAS). eIDAS is an EU regulation on electronic identification and trust services for electronic transactions that applies as law within the whole of the EU. Trust services include electronic signatures, electronic seals, time…
-
During my almost 20 years with the company (first as a freelancer, then as an employee) I have seen atsec grow from a small, determined group of IT professionals in a crammed room full of computers into an international company with a well-earned, excellent reputation in the IT security world. Growing from the first baby…
-
(click on the image or follow this link for a special greeting from atsec) To all of our valued customers, colleagues, friends and family we wish Happy Holidays and a Safe and Secure New Year. We are looking forward to working with you in the coming year. Regards,your atsec team
-
November 21, 2019, Melbourne, Australia atsec China participated in the PCI Security Standards Council’s 2019 Asia-Pacific Community Meeting held in Melbourne, Australia from the 20th to 21st of November, and also hosted a booth. atsec’s principal consultants provided a presentation on “a PCI Walk in the Clouds.” atsec shared their experience in Payment Card Industry…
-
atsec US Corporate Vice President and Lab Director, Yi Mao, presented “Crypto Testing Leading to Better Security” at InnoTech Austin 2019. Through many examples, Dr. Mao showed the audience that cryptography is the hard core providing data confidentiality, integrity and authenticity. Cryptographic algorithms are used to encrypt sensitive data (e.g. password files), to authenticate users…
-
by Stephan MuellerThe OpenSSL project outlined the development strategy pertaining to the Federal Information Processing Standard (FIPS) 140-2 code in the November 7th, 2019 OpenSSL blog titled “Update on 3.0 Development, FIPS and 1.0.2 EOL.”[1] As a summary, the following relevant aspects for FIPS 140-2 are communicated. · The standard OpenSSL 1.0.2 will be End of…
-
Stephan Mueller With the enforcement of SP800-90B starting in November 2020, the noise sources behind the Linux /dev/random, /dev/urandom and the getrandom system call interfaces must comply with all requirements stipulated by SP800-90B. If this compliance is not achieved, all modules using Linux random number generator as entropy source from its operational environment will likely…
-
The atsec Automated Cryptographic Validation Protocol (ACVP) tool set demonstrated that ACVT is fully production-ready with the completion of the ACVP test run of 3,529 test vector sets managed by 329 test sessions. The testing marks the first successful production test run of ACVT with the three-party approach commonly used during FIPS 140-2 testing. The…
-
atsec China (with the official name – atsec (Beijing) Information Technology Co., Ltd) has been qualified by the PCI SSC (Payment Card Industry Security Standards Council) as a QPA (Qualified PIN Assessor) company to perform the PCI personal identification number (PIN) security assessments according to the PCI PIN Security standard. The recent version of the…
-
NIST’s Special Publication 800-90B “Recommendation for the Entropy Sources Used for Random Bit Generation” (SP800-90B) lays out the testing requirements for random bit generators. According to Implementation Guidance 7.18, compliance to SP800-90B will be mandatory for FIPS 140-2 validations starting November 8th 2020. Our colleague Stephan Mueller recently published an updated, SP800-90B compliant version of…
-
atsec participated in ICCC 2019 held in Singapore from October 1st to 3rd in conjunction with Singapore International Cyber Week (SICW). It was the perfect venue to celebrate the 20th anniversary of the Common Criteria standard with an increase of the Common Criteria Recognition Arrangement (CCRA) membership from 27 to 31 with the addition of…
-
atsec is pleased to announce that it has been licensed by CSA to be a Common Criteria Testing lab (CCTL) under the Singapore Common Criteria Scheme (SCCS). Please check the Common Criteria Portal:https://www.commoncriteriaportal.org/labs/index.cfm as well the Singapore Common Criteria Scheme:https://www.csa.gov.sg/our-programmes/certification-and-labelling-schemes/singapore-common-criteria-scheme/approved-labs atsec is already operating Common Criteria labs under BSI Germany, US NIAP, CSEC Sweden and…
-
by Trang Huynh I had the privilege of being on a discussion panel at the NIAP Validator Workshop this past June. The topic for the panel was “Continuous Software Update,” and the issue we were trying to tackle was Common Criteria (CC) evaluations for products with a high frequency of software updates, such as those…
-
atsec is proud to announce that the Automated Cryptographic Validation Testing (ACVT) service is operational. The atsec Cryptographic Security Testing (CST) laboratory is the first ever to achieve operational status with the Automated Cryptographic Validation Protocol (ACVP) production server operated by NIST. atsec’s ACVP tools are fully implemented and functional. After the test results for…
-
atsec is pleased to announce that the atsec Rome office has been accredited by the Italian scheme, OCSI, for performing Common Criteria evaluations. This is in addition to the accreditations by the Italian security agency, OCSI of our atsec laboratories in the U.S., Germany and Sweden. Garibaldi Conte: Managing Director, atsec Italy, 2019: “I am…
-
atsec congratulates Qualcomm on the successful evaluation of their Snapdragon 855 system on a chip (SOC) processor. The evaluation was performed jointly by atsec information security laboratory GmbH and T-Systems International GmbH laboratory; with the software evaluation being performed by atsec, and the hardware evaluation performed by T-Systems. atsec is proud to have contributed to the…
-
China, Shanghai—From June 19th to 20th, Visa held the Asia Pacific Security Summit in Shanghai, China. During the “Ecosystem Data Security Workshop” on the 19th, Diana Greenhaw, VISA’s Vice President of Global Payment System Risk, gave a speech on “Ecosystem Risk Updates—A Global Perspective”. As one of the signature sponsors, atsec draws attention from industry…
-
After a day of pre-conference workshops, the 7th International Cryptographic Module Conference (ICMC) was kicked off this morning with a welcome address from atsec’s VP and Lab Director Yi Mao. (from left to right: Renaudt Nunez, Stephan Mueller, Fiona Pattinson, Swapneela Unkule, Yi Mao) Yi Mao’s Opening Speech for the ICMC 2019: “Good morning everyone!…
-
White Paper international Think-tank Community (iTC) April 1st, 2019 Green Entropy Tasked with consideration of ways and means to reduce the carbon footprint of IT security; after a year of deliberation the iTC have produced the following summary of their report. The full report is available on request to itc@green-entropy.org Research has shown that much effort has recently…
-
Happy International Women’s Day to all our wonderful atsec colleagues in Europe, US and Asia.
-
For several years the value of conformance testing against the FIPS 140-2 specification has been well accepted, and the assurance gained through validated conformance has been specified in several other markets.
-
-
As many of our customers will be aware, the current U.S. government shutdown can affect their projects with atsec. This time, the partial shutdown includes the U.S. Department of Commerce, and hence NIST’s Computer Security Resource Center. This affects our customers with FIPS 140-2 conformance validations (CMVP), and cryptographic algorithm validations CAVP/ACVP). The U.S. Common…
-
atsec is proud to present support for the NIST ACVP testing framework which replaces the legacy NIST CAVS testing. Cryptographic algorithm validation program (CAVP) testing is required for cryptographic modules undergoing conformance testing and validation according to the FIPS 140-2 specification. It is also required for Common Criteria evaluations performed in accordance with the NIAP Common Criteria Evaluation…
-
The Network International Technical Community (iTC) published the Network Device Collaborative Protection Profile (NDcPP) version 2.1. This is the latest update to the NDcPP series of cPPs. Vendors looking to perform a NIAP evaluation using this cPP will need to wait until NIAP approves the new version. In the past, NIAP has taken about one…
-
After a day of pre-conference workshops, the International Cryptographic Module Conference (ICMC) 2018 was kicked off this morning with a welcome address from atsec’s VP and Lab Director Yi Mao. The welcome was followed by keynote speeches from Jason Hart, CTO of Data Protection for Gemalto UK and Scott Jones, Assistant Deputy Minister of Information…
-
Near the end of 2017, NIAP issued and later retracted Labgram #106. This Labgram warned that RSAES-PKCS1-v1.5 would be disallowed by NIST after 2017 which meant that it would also be disallowed by NIAP after 2017 in CC evaluations. The reason for the retraction was because NIST delayed the publication of their update to NIST…
-
In a major announcement, atsec information security announces the establishment of partnerships with major retail outlets around the world, in a bid to provide more convenient provision of security assurance to users of commercial IT products. Users of commercial off the shelf products purchased through major retail outlets can set default profile options such as…
-
Oh boy!!! Yet another year has gone by and we are celebrating International Women’s Day again. This year the theme is “Time is Now: Rural and urban activists transforming women’s lives”. I must say that working in atsec has always been free of the worries about gender inequality that I’ve been reading such a lot about…
-
It is 18 years since atsec was founded on January 11th, 2000. Since then atsec has made a very significant contribution to information security. As one of the only truly independent labs atsec is still self-funded, owned by professionals in the security assurance business and a key player in the technologies and geographies in which…
-
What is eIDAS? Evaluation and certification of trustworthy systems and signature and seal creation devices becomes increasingly important due to the new eIDAS regulation (EU Regulation No. 910/2014) that entered into force in the 28 EU Member States in July 2016. eIDAS is an EU regulation on electronic identification (eID) and trust services (AS), which…
-
Over the last few years we have seen some maturation in the processes of providing information security assurance. This is good. First let’s roll back into history, to the days in the ‘70’s and ‘80’s, when it could not be safely assumed that the operating systems in use implemented access control correctly. “The Birth and…
-
“Dear Community, It is the second time that I have had the honor and pleasure to open the International Cryptographic Module Conference. This year is very special since it is the fifth anniversary of the conference. I’d like to welcome you all with an image from the end of the 1st ICMC. Many of you…
-
Unfortunately, atsec has been accused of distributing fake news. Here at atsec we take such an accusation seriously. We have performed a thorough internal investigation and have determined that the accusation is true. atsec has been guilty of disseminating fake news on an annual basis for the last fifteen years. We have followed our internal…
-
atsec customers who have projects for testing, validating, and certifying cryptographic modules for the US government market are intimately familiar with the FIPS 140-2 standard. This standard and its associated supporting documents are produced and published by NIST. Together, the suite of documents define the specification and testing requirements for a cryptographic module that is…
-
The votes have been counted and Zippa Futura and ISO/IEC 19790 win by a large margin:
-
Recognizing the need for secure IT products in all regions of the world, and in support of an internationally agreed Arrangement allowing for the mutual recognition of independently evaluated and validated information technology (IT) products, the Vatican has decided to sign the ISO/IEC 15408 International Recognition Arrangement (I2RA) and has started to validate the security…
-
Cryptographic Algorithm Validations The Cryptographic Algorithm Validation Program (CAVP) is an organization that is managed solely by the National Institute of Standards and Technology (NIST). Information about the CAVP scheme, including the official validation lists, can be found at NIST’s web page for the CAVP. The CAVP certifies that certain algorithms and related security functions…
-
The 2015 International Cryptographic Module Conference (ICMC) started yesterday with a day of pre-conference workshops on FIPS 140 Projects, Breaking into Embedded Devices, and Addressing Unique Security Challenges through Standardization. The main conference was opened today by Yi Mao, Ph.D., CST Lab Manager of atsec, followed by keynote speakers Phil Zimmermann (Creator of PGP, Co-founder,…
-
The 2014 ICMC started with a day of workshops on FIPS 140-2 and ISO/IEC 19790, followed today by keynote speakers Helmut Kurth (atsec information security) and Mary Ann Davidson (Oracle). Almost 200 attendees from around the world came to this year’s conference to discuss topics ranging from high-level policy to advanced technical subjects. One of…
-
This past September was my conference month. I first went to the 14th International Common Criteria Conference (ICCC) in Orlando, Florida and then a week later I was at the 1st International Cryptographic Module Conference (ICMC) in Gaithersburg, Maryland. The theme of the ICCC this year was a collaborative approach. The conference directed the CC…
-
The first ICMC is over.It was a wonderful event and thanks are due to all of the 171 participants for making it so. Participant Quote: “This conference is Win Win Win!”These attendees represented developers, governments, laboratories, consultants, and academics from the cryptographic module community. It turned out to be a truly international affair with people…
-
This first ICMC aims to bring together experts from around the world to confer on the topic of cryptographic modules, with emphasis on their secure design, implementation, assurance, and use, referencing both new and established standards such as FIPS 140-2 and ISO/IEC 19790. We are focused on attracting participants from the engineering and research community,…
-
1. Starting without the standard in mindProbably the biggest problem causing issue in a FIPS 140-2 validation project is when the developer decides to ‘back into’ the standard after the fact. Trying to validate a product that was developed without being mapped to the standard is more difficult at the very least and has a…
-
Galactic Emperor pleased about timely completion GAMMA DELPHI, Phnil’krq-Nebula – Stardate 2454191.50001atsec information security is pleased to announce Cosmic Criteria certification of the Mark VII Transporter Beam Control Software (Update 3.1, Fix Pack 2) at Stellar Assurance Level 9 augmented with flaw remediation (SAL9+) in compliance with the Particle Transmission Protocol Protection Profile (PTPPP). PTPPP…
-
Evaluation of Färist VPN and Firewall marks pioneering effort for Tutus AB, atsec AB, and CSEC Stockholm, Danderyd, Sweden – atsec information security AB is performing an EAL4+ evaluation of Tutus Data AB Färist VPN and Firewall for certification by the Swedish Certification Body for IT Security (CSEC). Of course an EAL4+ evaluation is nothing…