A Sign for atsec Sweden
Our Swedish colleagues unveiled the atsec sign on the front of the office building. Talk about enhanced visibility. The other atsec offices around the world are only a little bit jealous... 😀
News about Common Criteria, cryptographic modules and other IT security topics
Our Swedish colleagues unveiled the atsec sign on the front of the office building. Talk about enhanced visibility. The other atsec offices around the world are only a little bit jealous... 😀
I found out that the work culture at atsec was the best I’d ever experienced. Everyone is authentic, loves what they do, and has a sense of purpose within the business. I developed strong relationships with my co-workers as they shared their experiences and knowledge with me, improving my own personal growth. I will miss working with some of the most talented and creative individuals in the business. It certainly has been an epic journey, and it is an incredibly strong testament to the emphasis atsec places on the development and support of skills, expertise, and excellence amongst the technical community. Those attributes and expectations are set from the top down, with management practicing what they preach and being a wealth of knowledge themselves.
atsec management is outstanding; they truly care about each individual, welcome creativity, and lead by example. They treat you like a colleague, not an employee, and that's reflected in the benefits and how management approaches employees. The owner of atsec doesn't have to worry about pleasing shareholders; this allows the company to have other priorities such as giving back to the employees and supporting the Austin community directly.
In the 4+ years that I worked for atsec, they provided a competitive salary, gave bonuses, took our families on trips, and had yearly Christmas celebrations around the Austin Hill Country area and even Moody Gardens Resort in Galveston. Management is always providing additional "gifts" to show their appreciation such as Amazon gift cards, restaurants gift cards, Thanksgiving ham and turkey, and more. The company also provides a weekly catered lunch, and once a year, the owner puts on his chef's hat and makes for us the greatest original Italian food I have ever had. No Olive Garden for us!
In sports, in business, or in our relationships, it usually matters little how one starts. The winners are declared only at the end.
Thank you, atsec! It truly has been a blessing.
Randy Baker
Feeling thankful for this #workmilestone
#atsec #thankyou #savethebestforlast
One last!
On his last day, Randy received many best wishes from atsec’s colleagues in Austin and overseas. As well wishes poured in, one consideration from a colleague in Austin stood above all. I reproduce it here for us all to reflect on:
After several testimonies and messages from our colleagues to Randy, I wanted to post one more message here before he leaves to his new endeavors.
We work in a highly technical field. So technical prowess, expertise, knowledge are naturally skills we must have. Yet, one topic was abundant in the messages about Randy, and cause me to reflect upon.
We live in times wherein it seems that cruelty became a winning strategy; lies and fraud seem to have become common. Acceptable. Rewarded. Science and common sense lose place to bogeymen. To ignorance, to fear, to intolerance, pushing countrypeople against countrypeople.
Yet, what that the common topic among messages to Randy? His gentleness. His positive energy. His respect, his smile, the confidence and comfort he instilled in people. Among everything, as a testament to his character, what mattered to us was exactly that: his character. The fact that he perfectly personifies the gentleman.
For me, that was a proof that, despite the dark clouds, despite the barrage from those who embrace disruption and noise, at the end, what really matter to us, human beings, what really stays in our memories as everlasting impression and legacy, is the absolute power of a person who is gentle, ethical, positive, humble and dependable.
Mission accomplished, Randy!
We wish all our colleagues from atsec China as well as all our customers, partners, and suppliers celebrating the new lunar year, a Happy Chinese New Year.
The year of the Rabbit is important since atsec was born under that zodiac sign. Tradition suggests wearing something red during the year of your sign, which is not a problem for atsec because our logo is red for every sign of the Chinese zodiac ;).
As always on the 11th of January atsec celebrates its birthday.
This year it is the 23rd! As they say: time flies when your doing IT security!
Our best wishes and thanks to all of the contributors: our customers, our partners, and our colleagues.
The whole atsec team wishes our colleagues, customers, partners and suppliers Happy Holidays and a Happy New Year.
The CMVP published four FIPS 140-3 certificates today, marking the first modules to go through testing and validation under the new version of the FIPS 140 standard. FIPS 140-3 became effective on September 22, 2019, and testing began on September 22, 2020. FIPS 140-3 has been mandatory for new modules since September 22, 2021.
The certified modules are:
We want to thank the CMVP for their leadership and hard work in adopting ISO/IEC 19790 and 24759 as the successor to FIPS 140-2 and, in particular, the NIST CMVP for establishing the infrastructure to support the validation under FIPS 140-3. In this process, atsec helped in various ways, including with the transition from the desktop version of the Cryptik tool to the web-based Web Cryptik. atsec also spearheaded the effort to educate the cryptographic module community with a series of trainings in the Cryptographic Module User Forum as well as presentations at the International Cryptographic Module Conference, e.g. Swapneela Unkule’s presentation “360 View Of FIPS 140-3 Certification”, where she laid out the differences in the submission procedures between FIPS 140-2 and FIPS 140-3.
We are happy to see the first FIPS 140-3 certificates published - happy for atsec, for the technical community, our customers, and the CMVP. We hope to see many more certificates in the coming months and years.
After two years of virtualized conferences, the ICCC was back in person once again. The ICCC 2022 was held from November 15-17 in Toledo, Spain. It was a welcoming feeling to meet face-to-face with our customers, certification bodies, and peers alike. We reconnected with familiar faces and made new friends.
The biggest highlights of the ICCC 2022 included the publication of the new Common Criteria version (CC:2022 Release 1) and its companion CEM:2022 along with their transition policy on the Common Criteria Portal. There were also many presentations with focus on the European Common Criteria (EUCC) scheme. Another highlight was NIAP’s statement on the NSA’s Commercial National Security Algorithm (CNSA) Suite 2.0.
In addition to hosting a booth, we had representatives from many of our branch offices including Germany, Italy, Sweden, and United States in attendance. A handful of our colleagues participated in the Common Criteria Users Forum (CCUF) Workshop held a week prior to ICCC and gave well-received presentations on various interesting topics at the conference.
The ICCC 2022 started and ended with great synergy. We very much look forward to the next ICCC on October 31 – November 2 in Washington D.C., USA.
We want to draw your attention to the following publication issued by the German Federal Office for Information Security (BSI):
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/221005_Apple_Sicherheitsfunktionen.html
In a nutshell for the non-German readers, the article states that Apple has agreed to an independent evaluation of the core security functions of iOS and iPadOS by BSI. This evaluation has been conducted according to the national requirements on equipment to be used for handling classified information. These requirements are comparable to the standards and the methodology of Common Criteria. The evaluation results confirm the effectiveness of the core security functions integrated in iOS and iPadOS. This includes also Apple's first party apps for email, calendar and contacts. As a result, off-the-shelf iPhones and iPads are cleared for governmental use of German authorities including handling of classified information up to the level "Nur fuer den Dienstgebrauch" (VS-NfD) as long as the requirements specified for the operational environment are fulfilled. BSI and Apple have agreed to continue their collaboration and that future versions of iOS and iPadOS will regularly undergo follow-up evaluations.
atsec participated in this project on the one hand by performing evaluation activities by a team of approved evaluators and on the other hand by providing consultancy through an independent team of consultants to achieve this milestone.
The 21st International Common Criteria Conference (ICCC 2022) will be held from November 15 to 17, 2022, in Toledo, Spain.
As always, atsec information security looks forward to opportunities for networking and exchanging ideas with our peers in Common Criteria and in the IT security community alike. After two years of virtual conferences, we are excited for the chance to do so again in person.
Our colleagues will be presenting on various interesting topics:
In addition, we will also be moderating the following panel discussion:
We invite you to visit our booth at the conference to learn more about us as well as our role and contribution to the international IT security standard community.