-
CEST (Confidential Evaluation of Software Trustworthiness) project finished
The Confidential Evaluation of Software Trustworthiness research project has been completed!
-
atsec is recognized as a SCAS Testing laboratory in the German NESAS certification scheme
As one of the first companies in Germany, atsec has become a certified evaluation laboratory in the German Network Equipment Security Assurance Scheme Cybersecurity Certification Scheme – German Implementation (NESAS CCS-GI) scheme maintained by BSI (Bundesamt für Sicherheit in der Informationstechnik). This certification scheme is based on the…
-
New Cyber Resilience Act in the European Union
On September 15, 2022, the EU Commission presented a proposal for a new Cyber Resilience Act to protect consumers and businesses from products with inadequate security features. This EU legislation introduces mandatory cybersecurity requirements for products with digital elements, throughout their whole lifecycle. The EU legislation will impose:…
-
Securing the Software Supply Chain
All components comprising a software product are ultimately the responsibility of the developer of that product, even if one or more of those components is supplied by a third party. This is especially true when the product is evaluated for Common Criteria (CC) certification. Recently, the National Security…
-
Challenges and Opportunities
Many of us who have been in the evaluation and certification (validation) business have seen the development, not only of security requirements and schemes, but also how the “security echo system” works. A few weeks ago, I was generously given the opportunity to share some ideas at the…
-
Update on the IT Security Standards in China
(“Information Security and Cryptography” in Chinese Calligraphy) In this article, we provide an up-to-date overview regarding IT security standards as well as the current situation of IT security testing and certification in China. It also covers the topics related to security assessment and compliance in the financial industry.…
-
Cybersecurity Certification Schemes in Europe
atsec has recently participated in two conferences that focused on cybersecurity certification: the 2022 International Conference on the EU Cybersecurity Act in Brussels, Belgium, and ENISA Cybersecurity Certification Conference 2022 in Athens, Greece. atsec contributed with two presentations at the EU Cybersecurity Conference “Successful cPP Certification under the…
-
atsec virtually at the National Cybersecurity Center of Excellence
atsec is excited to have been invited to the virtual kick-off meeting for the “Automation of the NIST Cryptographic Module Validation Program” at the National Cybersecurity Center of Excellence (NCCoE). The National Institute for Standards and Technology (NIST) organized the kick-off meeting on June 1st of, 2022. It…
-
On Software Supply Chains
by King Ables The attack on the SolarWinds network management platform Orion allowed a bad actor to inject malware into the product prior to it being signed and deployed to customers during a regular software update. This highlights a largely underappreciated but universal truth of the Internet age–almost…
