-
First Post-Quantum Algorithm Certificate issued by CAVP3
On July 14, atsec obtained the first validation certificate for a post-quantum cryptographic algorithm: A4204. We used the Automated Cryptographic Validation Protocol (ACVP) to verify the correctness of the LMS (Leighton-Micali Signature) key pair generation, signature generation, and signature verification implementations in the QASM Hardware Security Module, developed…
-
The IoT Security Global Certification Challenges
In today’s interconnected world, the Internet of Things (IoT) has become an integral part of our daily lives. From smart homes to industrial automation, IoT devices are revolutionizing various industries. However, with this increased connectivity comes the need for robust security measures to protect sensitive data and ensure…
-
CEST (Confidential Evaluation of Software Trustworthiness) project finished
Following the news published in early 2022, atsec would like to proudly announce a successful completion of the CEST (Confidential Evaluation of Software Trustworthiness) project – a Swedish research project funded by Vinnova. The CEST project provides a confidential software security assurance environment enabling software supply chains to…
-
atsec is recognized as a SCAS Testing laboratory in the German NESAS certification scheme
As one of the first companies in Germany, atsec has become a certified evaluation laboratory in the German Network Equipment Security Assurance Scheme Cybersecurity Certification Scheme – German Implementation (NESAS CCS-GI) scheme maintained by BSI (Bundesamt für Sicherheit in der Informationstechnik). This certification scheme is based on the…
-
New Cyber Resilience Act in the European Union
On September 15, 2022, the EU Commission presented a proposal for a new Cyber Resilience Act to protect consumers and businesses from products with inadequate security features. This EU legislation introduces mandatory cybersecurity requirements for products with digital elements, throughout their whole lifecycle. The EU legislation will impose:…
-
Securing the Software Supply Chain
All components comprising a software product are ultimately the responsibility of the developer of that product, even if one or more of those components is supplied by a third party. This is especially true when the product is evaluated for Common Criteria (CC) certification. Recently, the National Security…
-
Challenges and Opportunities
Many of us who have been in the evaluation and certification (validation) business have seen the development, not only of security requirements and schemes, but also how the “security echo system” works. A few weeks ago, I was generously given the opportunity to share some ideas at the…
-
Update on the IT Security Standards in China
(“Information Security and Cryptography” in Chinese Calligraphy) In this article, we provide an up-to-date overview regarding IT security standards as well as the current situation of IT security testing and certification in China. It also covers the topics related to security assessment and compliance in the financial industry.…
-
Cybersecurity Certification Schemes in Europe
atsec has recently participated in two conferences that focused on cybersecurity certification: the 2022 International Conference on the EU Cybersecurity Act in Brussels, Belgium, and ENISA Cybersecurity Certification Conference 2022 in Athens, Greece. atsec contributed with two presentations at the EU Cybersecurity Conference “Successful cPP Certification under the…