atsec official blog
Blog posts
Tags: atsec, iccc, cc, niap, ccuf

After two years of virtualized conferences, the ICCC was back in person once again. The ICCC 2022 was held from November 15 to 17 in Toledo, Spain. It was a welcome feeling to meet face-to-face with our customers, certification bodies, and peers alike. We reconnected with familiar faces and made new friends.

The biggest highlights of the ICCC 2022 included the publication of the new Common Criteria version (CC:2022 Release 1) and its companion CEM:2022, along with their transition policy, on the Common Criteria Portal. There were also many presentations focused on the European Common Criteria (EUCC) scheme. Another highlight was NIAP’s statement on the NSA’s Commercial National Security Algorithm (CNSA) Suite 2.0.

In addition to hosting a booth, we had representatives from many of our branch offices, including Germany, Italy, Sweden, and the United States, in attendance. A handful of our colleagues participated in the Common Cr
Tags: atsec, bsi, iphone, ios, apple

We want to draw your attention to the following publication issued by the German Federal Office for Information Security (BSI):

https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/221005_Apple_Sicherheitsfunktionen.html

In a nutshell, for non-German readers: the article states that Apple has agreed to an independent evaluation of the core security functions of iOS and iPadOS by BSI. This evaluation has been conducted according to the national requirements on equipment to be used for handling classified information. These requirements are comparable to the standards and the methodology of Common Criteria. The evaluation results confirm the effectiveness of the core security functions integrated in iOS and iPadOS. This also includes Apple's first party apps for e
Tags: atsec, pci, pcidss, PCI standard, PCI standard changes

Tags: iccc, atsec, cc, IT security, mobile security

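The 21st International Common Criteria Conference (ICCC 2022) will be held from November 15 to 17, 2022, in Toledo, Spain.

As always, atsec information security looks forward to the opportunity to connect and exchange ideas with peers in the Common Criteria and IT security community. After two years of virtual conferences, we are delighted to have the chance to meet face to face again.
Our colleagues will give technical presentations on a range of topics of interest:

  • When the CCMA knocks on your door (A20a)
Michael Vogel, Managing Director, atsec information security, Germany
  • Mobile device evaluation? Which PP? (A31b)
Rasma Mozuraite Araby, CEO, Lab Manager, atsec information security, Sweden
  • Confidential security evaluation environment (A13a)
Cheng Jiang, Principal Consultant, CC evaluator, atsec information security, Sweden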
Tags: atsec, nesas, scas, bsi, gsma

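As one of the first companies in Germany, atsec has been recognized as an evaluation laboratory under the Network Equipment Security Assurance Scheme Cybersecurity Certification Scheme - German Implementation (NESAS CCS-GI), which is maintained by the German Federal Office for Information Security (BSI, Bundesamt für Sicherheit in der Informationstechnik). This certification scheme is based on the NESAS created by the GSMA (Groupe Speciale Mobile Association); under the GSMA NESAS scheme, atsec can perform security testing (that is, SCAS testing) of security-critical 4G/5G telecommunication equipment.

NESAS aims to provide an industry-wide security assurance framework to facilitate improvements in security levels across the whole industry. It defines security requirements and an assessment framework for secure product development and product lifecycle processes, as well as security test cases for the security evaluation of network equipment. The security requirements have been defined, and are actively maintained, by the 3rd Generation Partnership Project (3GPP), 3GPP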
Tags: atsec, scas, nesas, security, bsi

atsec is one of two German NESAS CCS-GI laboratories:
Tags: atsec, card production and provisioning security, cpsa, physical security, logical security

Tags: atsec, pci, pcidss, PCI standard, PCI standard changes

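Explanation of requirement changes, category 6: Support information security with organizational policies and programs

Requirement 12: Support information security with organizational policies and programs

In v4.0, Requirement 12 also adds requirements on security management, mainly the following:

Requirements 12.3.1-12.3.2 concern the points in the standard where the frequency may be decided by the entity itself; under these requirements, a risk assessment is performed to determine an appropriate frequency.

Requirement 12.3.3: maintenance requirements for the cipher suites in use.

Requirement 12.3.4: maintenance requirements for the hardware and software technologies in use.

Requirement 12.5.2: maintenance requirements for the PCI DSS scope.

Requirements 12.6.3.1-12.6.3.2: requirements on the content of security awareness training.

Requirement 12.10.7 emphasizes the incident response procedures to be followed whenever an unknown cardholder data storage location is discovered, at any time.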

Tags: atsec, cyber, resilience, security

On September 15, 2022, the EU Commission presented a proposal for a new Cyber Resilience Act to protect consumers and businesses from products with inadequate security features. This EU legislation introduces mandatory cybersecurity requirements for products with digital elements, throughout their whole lifecycle.

The EU legislation will impose:

    (a) rules for the placing on the market of products with digital elements to ensure their cybersecurity;

    (b) essential requirements for the design, development and production of products with digital elements, and obligations for economic operators in relation to these products;

Tags: atsec, pci, pcidss, PCI standard, PCI standard changes

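Explanation of requirement changes, category 5: Regularly monitor and test networks

Requirement 10: Log and monitor all access to system components and cardholder data

The main changes to Requirement 10 are in the following two requirements:

Requirement 10.4.1.1 changes from allowing manual daily audit reviews to an automated audit mechanism.

For non-critical events, Requirement 10.4.2.1 allows the review frequency to be determined through a risk assessment.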


  
