Check Point Software Technologies Receives Common Criteria EAL4+ Certification for Quantum Firewall Software R82 - Check Point Software

Check Point Software Technologies Ltd. (NASDAQ: CHKP), a pioneer and global leader of cyber security solutions, today announced that its Quantum Firewall

Check Point Software

vSphere vCenter Server 8.0 Korea Security Conformance Verification - Security Function Confirmation Certificate

#VMware #CommonCriteria

NIS2 gets underway: what changes for physical security: by Francesco Panarelli - Key Accounts & Business Development Director at Hikvision Italy. On 7 August the Council of Ministers approved the implementing decrees of EU Directive 2022/2555 (NIS2). Pending publication in the Official Gazette (GU), we can offer an examination of the new provisions introduced...
#Hikvision #NIS2 #sicurezzafisica #supplychain #CommonCriteria http://dlvr.it/TFxS06

@Zugschlus @Cappyjax @WB2EEE @elly well, I'd rather not take or stay in a job than commit what I call "Professional #Malpractice"!

  • I know this makes me an outlier, but the fact that I did my job so well that everything I deployed runs like clockwork to this day and that I'm not short of offers tells me that being an honest #sysadmin is the way to go morally instead of being a #bootlicker!

Again: We have this entire shitshow because we allow #TechIlliterates and other dipshits to make up regulations on the spot.

  • Also yes, there are means to harden #Linux on Desktops and Servers beyond the already existing #CommonCriteria and #CIS2 as well as beyond #PCIDSS compliance and good Distros will even offer a warranty and assurance for that directly - something #Microsoft just won't do for #Windows no matter the amount of money one shoves down their throat!

The fact that we even allow that #Govware and #Scareware [to even exist, especially] in #CriticalInfrastructure when in both cases their #EULA explicitly bans that use-case is a testament to the false priorities of regulators and their rules.

  • So yeah, if a concrete-headed #TechIlliterate wants that they can have it - but not from or with me!

And then they all whine about why no one wants to work for them... What a shitshow.

Tell you what, I'd rather welcome such meetings, because the last time some CEO did that (with an absurd office mandate forcing a colleague into a 500km [one-way!] commute twice a week) they basically mobbed out the two best colleagues I had and subsequently imploded the Linux Infrastructure team.

  • Last time I checked that company hadn't filled the vacancies and once Recruiters hear the story, they tend to fire said company as a client.

#Sarcasm #venting #CrowdStrike

Marc Haber (@[email protected])

@[email protected] @[email protected] @[email protected] @[email protected] If your company's policy tells you to install that stuff, then you install that stuff or are out of a job. In sad reality, auditors expect some kind of "endpoint protection" to give you the compliance certificate that the company needs, and most companies decide to buy that instead of implementing it yourself. And it is also in your "best" interest to accept that as a system administrator. If the bought software fscks up, people shrug it away and continue (including continuing to use said software). If your home-built solution fscks up, you're at least in for some very uncomfortable appointments in your own C-suite, if not immediately out of a job. That's sad reality, and I regret writing that. But.

Zug.Network

@bsi has now published its Certification Report with final reference "BSI-CC-PP-0120-2024". Congratulations to everyone who contributed to the development of the protection profile and its certification. #security #tech #commoncriteria #certificates #qkd

https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/PP/aktuell/PP_0120.html

BSI-CC-PP-0120-2024

Bundesamt für Sicherheit in der Informationstechnik

Germany's Federal Office for Information Security @bsi investigates security aspects of Quantum Key Distribution #qkd in order to contribute to a secure implementation of QKD. In cooperation with #etsi, the BSI commissioned the development of the first Common Criteria protection profile. Deutsche Telekom Security GmbH took over this task and now reached the finish line, congrats! ETSI certified this profile as the first of its kind. #security #tech #commoncriteria #certificates

https://www.etsi.org/standards-search#search=GS%20QKD%20016&title=0&etsiNumber=1&content=0&version=0

NIAP: Compliant Product

NIAP-CCEVS manages a national program for the evaluation of information technology products for conformance to the International Common Criteria for Information Technology Security Evaluation.

In my experience Common Criteria is a double-edged sword. The NIAP Protection Profiles are often extremely detailed and describe the threats and mitigations that the product needs to address. Yet there is often some misconception about what it means that a device has the certification, and some companies seem to use the certification in a kind of false marketing.

Common Criteria validation does not replace security testing. When validated for certification, the product is rigorously tested against the specific Protection Profile, but this is the extent of the testing. In fact, if you read many validation reports carefully, they often go into detail explaining that the evaluation did not look for or attempt to exploit vulnerabilities. This is what the validation laboratories are expected to do, after all: validate the target against a very specific Protection Profile.

This does leave an obvious gap, however: on numerous occasions I've seen gaping security holes (mostly logical ones) that fall outside the scope of the specific Protection Profile. If no one is actually taking a holistic view of the entire environment and use case for the product, these flaws can go unnoticed. If one is not careful, CC compliance can be interpreted as something it is not, leading to a false sense of security.

Many security flaws can be prevented by adhering to the Protection Profile rules and validating the target for Common Criteria certification. The scope of the impact of the certification is limited, however. Organizations buying products need to understand what the Common Criteria compliance means and even more importantly what it does not.

#infosec #commoncriteria #compliance #ComplianceVsSecurity

Does defining "a minimum path length" for certification validation have any security benefit?

As you may know, Common Criteria (AKA ISO/IEC 15408: a standard for IT security evaluation) has provided some security baseline documents named "Protection Profiles" for software develop...

Information Security Stack Exchange