加载中…

加载中...

个人资料
atsec官博
atsec官博 新浪机构认证
  • 博客等级:
  • 博客积分:0
  • 博客访问:22,243
  • 关注人气:13
  • 获赠金笔:0支
  • 赠出金笔:0支
  • 荣誉徽章:
访客
加载中…
好友
加载中…
评论
加载中…
留言
加载中…
分类
博文
(2019-03-12 17:26)

Happy International Women's Day to all our wonderful atsec colleagues in Europe, US and Asia.



阅读  ┆ 评论  ┆ 转载 ┆ 收藏 
标签:

atsec



阅读  ┆ 评论  ┆ 转载 ┆ 收藏 
标签:

nist

As many of our customers will be aware, the current U.S. government shutdown can affect their projects with atsec.


This time, the partial shutdown includes the U.S. Department of Commerce, and hence NIST's Computer Security Resource Center. This affects our customers with FIPS 140-2 conformance validations (CMVP), and cryptographic algorithm validations CAVP/ACVP).



https://csrc.nist.gov/groups/STM/cmvp/

 

The U.S. Common Criteria scheme, operated by NIAP, seems so far to be unaffected.

 

O

阅读  ┆ 评论  ┆ 转载 ┆ 收藏 
标签:

acvp

atsec is proud to present support for the:

NIST ACVP testing framework

 

which replaces the legacy NIST CAVS testing. Cryptographic algorithm validation program (CAVP) testing is required for cryptographic modules undergoing conformance testing and validation according to the FIPS 140-2 specification. It is also required for Common Criteria evaluations performed in accordance with the NIAP Common Criteria Evaluation and Validation Scheme.

 


The Automated Cryptographic Validation Protocol (ACVP) is a network protocol for which NIST provides a server using the protocol which produces test vect

阅读  ┆ 评论  ┆ 转载 ┆ 收藏 
标签:

ndcpp

The Network International Technical Community (iTC) published the Network Device Collaborative Protection Profile (NDcPP) version 2.1 this afternoon (2018-09-24). This is the latest update to the NDcPP series of cPPs. Vendors looking to perform a NIAP evaluation using this cPP will need to wait until NIAP approves the new version. In the past, NIAP has taken about one month to approve the NDcPP once it was published by the Network iTC.

Expect this new cPP to appear on the CC Portal very soon. (https://www.commoncriteriaportal.org/)

阅读  ┆ 评论  ┆ 转载 ┆ 收藏 
标签:

icmc

Near the end of 2017, NIAP issued and later retracted Labgram #106. This Labgram warned that RSAES-PKCS1-v1.5 would be disallowed by NIST after 2017 which meant that it would also be disallowed by NIAP after 2017 in CC evaluations. The reason for the retraction was because NIST delayed the publication of their update to NIST SP 800-56B that would effectively disallow RSAES-PKCS1-v1.5-based establishment schemes.


In practice, this disallowance meant that all TLS ciphersuites starting with TLS_RSA_* would be disallowed for use with TLS v1.2 and earlier. This is a large set of commonly supported TLS ciphersuites. Removing them from use would leave only the DH and ECDH-based ciphersuites available for use in TLS.


This update is just to inform you that RSAES-PKCS1-v1.5 is still allowed by NIST and NIAP. We hope to receive updated information from NIST on the SP 800-56B revision at the ICMC conference May 8-11, 2018

阅读  ┆ 评论  ┆ 转载 ┆ 收藏 
标签:

security

In a major announcement, dated April 1st, 2018, atsec information security announces the establishment of partnerships with major retail outlets around the world, in a bid to provide more convenient provision of security assurance to users of commercial IT products.

Users of commercial off the shelf products purchased through major retail outlets can set default profile options such as which technology vendor they prefer, and which program or national scheme is to be used.

      atsec services will now include free two-day certificate shipping and

 

阅读  ┆ 评论  ┆ 转载 ┆ 收藏 
(2019-03-11 11:25)

Oh boy!!! Yet another year has gone by and we are celebrating International Women's Day again.
This year the theme is 'Time is Now: Rural and urban activists transforming women’s lives'.

I must say that working in atsec has always been free of the worries about gender inequality that I've been reading such a lot about recently, and that I know some of my industry colleagues have experienced (and probably still do).

 Here in atsec I feel nothing but respect and I am as empowered 'as the next man'.

 According to Wikipedia, 2018 marks a whole century since women were first allowed to vote in Ger

阅读  ┆ 评论  ┆ 转载 ┆ 收藏 
(2018-03-07 10:44)
标签:

atsec

信息安全

it

It is 18 years since atsec was founded on January 11th, 2000.

 

Since then atsec has made a very significant contribution to information security. As one of the only truly independent labs atsec is still  self-funded, owned by professionals in the security assurance business and a key player in the technologies and geographies in which we operate. We have hundreds of successful testing and evaluation projects, founded IT security conferences, contributed with a great many IT security consultancy projects, become one of the foremost PCI assessors in the China and Asia region, and had a lot of fun along the way.

 

Not many people know that the name 'atsec' is related to the Italian word for basket, ('cesta'). This underlines that we have a great wealth of security-related expertise and diversity within atsec.

阅读  ┆ 评论  ┆ 转载 ┆ 收藏 

What is eIDAS?

Evaluation and certification of trustworthy systems and signature and seal creation devices becomes increasingly important due to the new eIDAS regulation (EU Regulation No. 910/2014) that entered into force in the 28 EU Member States in July 2016. eIDAS is an EU regulation on electronic identification (eID) and trust services (AS), which was established to promote economic growth in the European digital single market, by enhancing the convenience and security of online transactions across EU borders. This is accomplished by establishing a European internal market for Trust Services, including various types of electronic signatures and seals, time stamps, electronic delivery services and website authentication, provided by Trust Service Providers (TSPs).

How it is used?
Ultimately, under the eIDAS regulation, c

阅读  ┆ 评论  ┆ 转载 ┆ 收藏 
  

新浪BLOG意见反馈留言板 电话:4006900000 提示音后按1键(按当地市话标准计费) 欢迎批评指正

新浪简介 | About Sina | 广告服务 | 联系我们 | 招聘信息 | 网站律师 | SINA English | 会员注册 | 产品答疑

新浪公司 版权所有