October 9, 2019 | 1 Comment | Categories: Uncategorized

Drafts of the SP 800-140x document series are now available for public comment!

These modify the requirements of FIPS 140-3 from ISO 19790 and 24759. Comments are due December 9, 2019.

International Conference on the EU Cybersecurity Act

November 18-19, 2019 | 1 Comment | Categories: Uncategorized

The EU Cybersecurity Act revamps and strengthens the EU Agency for cybersecurity (ENISA) and establishes an EU-wide cybersecurity certification framework for digital products, services and processes.

August 16, 2019 | 1 Comment | Categories: Uncategorized

NIST releases new and updated FIPS 140-2 Implementation Guidance

New Guidance:
• IG G.18 Limiting the Use of FIPS 186-2
• IG D.1-rev3 CAVP Requirements for Vendor Affirmation to SP 800-56A Rev3 and the Transition from the Validation to the Earlier Versions of the Standard

Updated Guidance:
• IG G.8 Revalidation Requirements – Updated Scenario 3A to permit a 3A submission to incorporate a Scenario 1 (non-security relevant) changes to be submitted as a single package.
• IG 9.4 Known Answer Tests for Cryptographic Algorithms - Added a requirement in the symmetric-key algorithms section to self-test the forward and inverse cipher functions (if implemented by the module). Corrected the authenticated encryption mode hierarchy since item 2 (AES KW) testing should not cover item 3 (Triple-DES KW). Clarified how to meet the requirements of the bullets #1-#4 and how they relate to each other. Updated the Additional Comments paragraph to clarify when the PCT applies for an asymmetric key generation implementation.
• IG D.8 Key Agreement Methods – Incorporated vendor affirmation to SP 800-56Arev3 and the new IG D.1rev3 into this IG.
• IG D.10 Requirements for Vendor Affirmation of SP 800-56C - Updated to allow for vendor affirming to SP 800-56Crev1.

May 14-17, 2019 | 1 Comment | Categories: Uncategorized

Come see us at the ICMC this year in Vancouver, Canada