The Information Security Provider
atsec IT Security Blog
News about Common Criteria, Cryptographic Modules, Conferences
and other topics revolving around IT security.
-
Cybersecurity Requirements for Medical Devices
On September 26, 2023, The Food and Drug Administration (FDA) released their finalized Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions guidance document. This document provides general principles for device cybersecurity relevant to device manufacturers. It seeks to emphasize the importance of safeguarding medical…
-
The 11th International Cryptographic Module Conference
The 11th International Cryptographic Module Conference (ICMC) started today. This year the conference is held from September 20th to 22nd 2023 at the Shaw Center in Ottawa Canada. The conference itself kicked off with Yi Mao, CEO of atsec US, giving the opening speech. It featured our latest…
-
Artificial Intelligence in Evaluation, Validation, Testing and Certification
Everybody seems to jump on the AI bandwagon these days, “enhancing” their products and services with “AI.” It sounds, however, a bit like the IoT hype from the last decade when your coffee machine desperately needed Internet access. This time, though, there’s also some Armageddon undertone, claiming that…
-
Entropy Source Validation (ESV) Certificate Issued for the Intel DRNG
Recently the CMVP has granted ESV certificate #E57 to the Intel DRNG entropy source. The testing and submission was done by atsec and it marks the first ESV certificate granted to the Intel DRNG. The Intel DRNG (Digital Random Number Generator) is a hardware Random Bit Generator (RBG)…
-
First Post-Quantum Algorithm Certificate issued by CAVP3
On July 14, atsec obtained the first validation certificate for a post-quantum cryptographic algorithm: A4204. We used the Automated Cryptographic Validation Protocol (ACVP) to verify the correctness of the LMS (Leighton-Micali Signature) key pair generation, signature generation, and signature verification implementations in the QASM Hardware Security Module, developed…
-
The IoT Security Global Certification Challenges
In today’s interconnected world, the Internet of Things (IoT) has become an integral part of our daily lives. From smart homes to industrial automation, IoT devices are revolutionizing various industries. However, with this increased connectivity comes the need for robust security measures to protect sensitive data and ensure…
-
CEST (Confidential Evaluation of Software Trustworthiness) project finished
Following the news published in early 2022, atsec would like to proudly announce a successful completion of the CEST (Confidential Evaluation of Software Trustworthiness) project – a Swedish research project funded by Vinnova. The CEST project provides a confidential software security assurance environment enabling software supply chains to…
-
atsec attended the Omnisecure conference in Berlin
Like last year, three representatives of atsec Germany attended the Omnisecure conference from May 22 through 24, 2023, in Berlin. The Omnisecure conference has a clear focus on the German market and, in particular, national approvals of IT security products – one of the main business domains for…
-
MOVEit Vulnerability
An alleged Russian-linked ransomware gang has exploited a vulnerability in a popular file transfer tool called MOVEit to attack both commercial and government targets world-wide. This attack appears to include data theft as well as the deployment of ransomware. Since we have been asked by one of our…