The Information Security Provider
atsec IT Security Blog
News about Common Criteria, Cryptographic Modules, Conferences
and other topics revolving around IT security.
-
ICMC Presidential Debate
The votes have been counted and Zippa Futura and ISO/IEC 19790 win by a large margin:
-
The Vatican Signs the ISO/IEC 15408 International Recognition Arrangement
Recognizing the need for secure IT products in all regions of the world, and in support of an internationally agreed Arrangement allowing for the mutual recognition of independently evaluated and validated information technology (IT) products, the Vatican has decided to sign the ISO/IEC 15408 International Recognition Arrangement (I2RA)…
-
Commercial Assurance of Cryptography in North America
Cryptographic Algorithm Validations The Cryptographic Algorithm Validation Program (CAVP) is an organization that is managed solely by the National Institute of Standards and Technology (NIST). Information about the CAVP scheme, including the official validation lists, can be found at NIST’s web page for the CAVP. The CAVP certifies…
-
The Third International Cryptographic Module Conference Has Begun
The 2015 International Cryptographic Module Conference (ICMC) started yesterday with a day of pre-conference workshops on FIPS 140 Projects, Breaking into Embedded Devices, and Addressing Unique Security Challenges through Standardization. The main conference was opened today by Yi Mao, Ph.D., CST Lab Manager of atsec, followed by keynote…
-
The Second International Cryptographic Module Conference
The 2014 ICMC started with a day of workshops on FIPS 140-2 and ISO/IEC 19790, followed today by keynote speakers Helmut Kurth (atsec information security) and Mary Ann Davidson (Oracle). Almost 200 attendees from around the world came to this year’s conference to discuss topics ranging from high-level…
-
Collaboration and Openness to the Rescue of Entropy
This past September was my conference month. I first went to the 14th International Common Criteria Conference (ICCC) in Orlando, Florida and then a week later I was at the 1st International Cryptographic Module Conference (ICMC) in Gaithersburg, Maryland. The theme of the ICCC this year was a…
-
A Summary of the First ICMC
The first ICMC is over.It was a wonderful event and thanks are due to all of the 171 participants for making it so. Participant Quote: “This conference is Win Win Win!”These attendees represented developers, governments, laboratories, consultants, and academics from the cryptographic module community. It turned out to…
-
Call for Papers: The First International Cryptographic Module Conference (ICMC 2013)
This first ICMC aims to bring together experts from around the world to confer on the topic of cryptographic modules, with emphasis on their secure design, implementation, assurance, and use, referencing both new and established standards such as FIPS 140-2 and ISO/IEC 19790. We are focused on attracting…
-
The Top 3 Mistakes When Starting a FIPS 140-2 Project
1. Starting without the standard in mindProbably the biggest problem causing issue in a FIPS 140-2 validation project is when the developer decides to ‘back into’ the standard after the fact. Trying to validate a product that was developed without being mapped to the standard is more difficult…