A Sign for atsec Sweden

 

Our Swedish colleagues unveiled the atsec sign on the front of the office building. Talk about enhanced visibility. The other atsec offices around the world are only a little bit jealous... 😀

Saved the Best for Last

After 40+ years of working, I am officially retired and can say that I saved the best for last. Four plus years ago, after working for IBM for over 29 years, I was hired by atsec information security corp., a small Austin company of approximately 25 people. Coming from Big Blue, I really had a lot of anxieties and concerns going from a large employer to a small one. I was afraid that I wouldn't be able to adapt to a small company work culture.

I found out that the work culture at atsec was the best I’d ever experienced. Everyone is authentic, loves what they do, and has a sense of purpose within the business. I developed strong relationships with my co-workers as they shared their experiences and knowledge with me, improving my own personal growth. I will miss working with some of the most talented and creative individuals in the business. It certainly has been an epic journey, and it is an incredibly strong testament to the emphasis atsec places on the development and support of skills, expertise, and excellence amongst the technical community. Those attributes and expectations are set from the top down, with management practicing what they preach and being a wealth of knowledge themselves.

atsec management is outstanding; they truly care about each individual, welcome creativity, and lead by example. They treat you like a colleague, not an employee, and that's reflected in the benefits and how management approaches employees. The owner of atsec doesn't have to worry about pleasing shareholders; this allows the company to have other priorities such as giving back to the employees and supporting the Austin community directly.
In the 4+ years that I worked for atsec, they provided a competitive salary, gave bonuses, took our families on trips, and had yearly Christmas celebrations around the Austin Hill Country area and even Moody Gardens Resort in Galveston. Management is always providing additional "gifts" to show their appreciation such as Amazon gift cards, restaurants gift cards, Thanksgiving ham and turkey, and more. The company also provides a weekly catered lunch, and once a year, the owner puts on his chef's hat and makes for us the greatest original Italian food I have ever had. No Olive Garden for us!

In sports, in business, or in our relationships, it usually matters little how one starts. The winners are declared only at the end.
Thank you, atsec! It truly has been a blessing.

Randy Baker

Feeling thankful for this #workmilestone
#atsec #thankyou #savethebestforlast

One last!

On his last day, Randy received many best wishes from atsec’s colleagues in Austin and overseas. As well wishes poured in, one consideration from a colleague in Austin stood above all. I reproduce it here for us all to reflect on:

After several testimonies and messages from our colleagues to Randy, I wanted to post one more message here before he leaves to his new endeavors.

We work in a highly technical field. So technical prowess, expertise, knowledge are naturally skills we must have. Yet, one topic was abundant in the messages about Randy, and cause me to reflect upon.

We live in times wherein it seems that cruelty became a winning strategy; lies and fraud seem to have become common. Acceptable. Rewarded. Science and common sense lose place to bogeymen. To ignorance, to fear, to intolerance, pushing countrypeople against countrypeople.

Yet, what that the common topic among messages to Randy? His gentleness. His positive energy. His respect, his smile, the confidence and comfort he instilled in people. Among everything, as a testament to his character, what mattered to us was exactly that: his character. The fact that he perfectly personifies the gentleman.

For me, that was a proof that, despite the dark clouds, despite the barrage from those who embrace disruption and noise, at the end, what really matter to us, human beings, what really stays in our memories as everlasting impression and legacy, is the absolute power of a person who is gentle, ethical, positive, humble and dependable.

Mission accomplished, Randy!

Happy Chinese New Year

 

We wish all our colleagues from atsec China as well as all our customers, partners, and suppliers celebrating the new lunar year, a Happy Chinese New Year.
The year of the Rabbit is important since atsec was born under that zodiac sign. Tradition suggests wearing something red during the year of your sign, which is not a problem for atsec because our logo is red for every sign of the Chinese zodiac ;).

Happy Birthday, atsec!

As always on the 11th of January atsec celebrates its birthday.
This year it is the 23rd! As they say: time flies when your doing IT security!
Our best wishes and thanks to all of the contributors: our customers, our partners, and our colleagues.

Happy Holidays and a Happy New Year from atsec

The whole atsec team wishes our colleagues, customers, partners and suppliers Happy Holidays and a Happy New Year.

The Cryptographic Module Validation Program (CMVP) issues the first FIPS 140-3 certificates

The CMVP published four FIPS 140-3 certificates today, marking the first modules to go through testing and validation under the new version of the FIPS 140 standard. FIPS 140-3 became effective on September 22, 2019, and testing began on September 22, 2020. FIPS 140-3 has been mandatory for new modules since September 22, 2021.

The certified modules are:

• Certificate #4389 - Apple corecrypto Module v11.1 [Intel, User, Software]
• Certificate #4390 - Apple corecrypto Module v11.1 [Intel, Kernel, Software]
• Certificate #4391 - Apple corecrypto Module v11.1 [Apple silicon, User, Software]
• Certificate #4392 - Apple corecrypto Module v11.1 [Apple silicon, Kernel, Software]

We want to thank the CMVP for their leadership and hard work in adopting ISO/IEC 19790 and 24759 as the successor to FIPS 140-2 and, in particular, the NIST CMVP for establishing the infrastructure to support the validation under FIPS 140-3. In this process, atsec helped in various ways, including with the transition from the desktop version of the Cryptik tool to the web-based Web Cryptik. atsec also spearheaded the effort to educate the cryptographic module community with a series of trainings in the Cryptographic Module User Forum as well as presentations at the International Cryptographic Module Conference, e.g. Swapneela Unkule’s presentation “360 View Of FIPS 140-3 Certification”, where she laid out the differences in the submission procedures between FIPS 140-2 and FIPS 140-3.

We are happy to see the first FIPS 140-3 certificates published - happy for atsec, for the technical community, our customers, and the CMVP. We hope to see many more certificates in the coming months and years.

The International Common Criteria Conference (ICCC) 2022

After two years of virtualized conferences, the ICCC was back in person once again. The ICCC 2022 was held from November 15-17 in Toledo, Spain. It was a welcoming feeling to meet face-to-face with our customers, certification bodies, and peers alike. We reconnected with familiar faces and made new friends.

The biggest highlights of the ICCC 2022 included the publication of the new Common Criteria version (CC:2022 Release 1) and its companion CEM:2022 along with their transition policy on the Common Criteria Portal. There were also many presentations with focus on the European Common Criteria (EUCC) scheme. Another highlight was NIAP’s statement on the NSA’s Commercial National Security Algorithm (CNSA) Suite 2.0.

In addition to hosting a booth, we had representatives from many of our branch offices including Germany, Italy, Sweden, and United States in attendance. A handful of our colleagues participated in the Common Criteria Users Forum (CCUF) Workshop held a week prior to ICCC and gave well-received presentations on various interesting topics at the conference.

• When the CCMB is Knocking on your Door – Michael Vogel
• Confidential Security Evaluation Environment – Cheng Jiang & Luis Barringa (Erricson)
• Mobile Device Evaluation? Which PP? – Rasma Mozuraite Araby

Our colleague Yi Mao moderated an expert panel discussion Evaluation of the Cryptographic Standards Ecosystem, which addresses the demands and challenges of the current cryptographic standards and their connections to Common Criteria Evaluations. Yi Mao was also a panelist in the Labs AMA (Ask Me Anything) session.

Moreover, our atsec colleagues moderated several presentation sessions:

• Updates from Schemes and ITCs – Yi Mao
• Cybersecurity Certification Schemes Landscape – Michael Vogel
• CC in New Domains – Michael Vogel

The ICCC 2022 started and ended with great synergy. We very much look forward to the next ICCC on October 31 – November 2 in Washington D.C., USA.

Happy Halloween!

Click here for a version with sound

BSI approves core security functions of iPhone and iPad

We want to draw your attention to the following publication issued by the German Federal Office for Information Security (BSI):

https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/221005_Apple_Sicherheitsfunktionen.html 

In a nutshell for the non-German readers, the article states that Apple has agreed to an independent evaluation of the core security functions of iOS and iPadOS by BSI. This evaluation has been conducted according to the national requirements on equipment to be used for handling classified information. These requirements are comparable to the standards and the methodology of Common Criteria. The evaluation results confirm the effectiveness of the core security functions integrated in iOS and iPadOS. This includes also Apple's first party apps for email, calendar and contacts. As a result, off-the-shelf iPhones and iPads are cleared for governmental use of German authorities including handling of classified information up to the level "Nur fuer den Dienstgebrauch" (VS-NfD) as long as the requirements specified for the operational environment are fulfilled. BSI and Apple have agreed to continue their collaboration and that future versions of iOS and iPadOS will regularly undergo follow-up evaluations. 

atsec participated in this project on the one hand by performing evaluation activities by a team of approved evaluators and on the other hand by providing consultancy through an independent team of consultants to achieve this milestone.

atsec at the International Common Criteria Conference 2022 in Toledo, Spain

 

The 21st International Common Criteria Conference (ICCC 2022) will be held from November 15 to 17, 2022, in Toledo, Spain.

As always, atsec information security looks forward to opportunities for networking and exchanging ideas with our peers in Common Criteria and in the IT security community alike. After two years of virtual conferences, we are excited for the chance to do so again in person.

Our colleagues will be presenting on various interesting topics:

• When the CCMB is Knocking at Your Door (A20a)
  Michael Vogel, Managing Director, atsec information security, Germany
• Mobile Device Evaluation? Which PP? (A31b)
  Rasma Mozuraite Araby, CEO, Lab Manager, atsec information security, Sweden
• Confidential Security Evaluation Environment (A13a)
  Cheng Jiang, Principal Consultant, CC evaluator, atsec information security, Sweden
  

In addition, we will also be moderating the following panel discussion:

• Panel Discussion: Evolution of the Cryptographic Standards Ecosystem (L31b)
  Moderator: Yi Mao, Managing Director, atsec information security corporation, United States
  

We invite you to visit our booth at the conference to learn more about us as well as our role and contribution to the international IT security standard community.