FIPS 140-2 and Common Criteria industry updates (Nov. 2018)

FIPS 140-2

NIST ACVP System

On Dec. 4, 2018, NIST released a new iteration of the CMVP Implementation Guidance (IG) document. The announcement details can be found here and affect IG G.2, G.13, G.17, 1.21, 9.4, 9.11 and 14.5.

Additionally, NIST announced progress on its algorithm testing automation system(s). Chronologically:

  • NIST will suspend current CAVP validations for the next week and will resume posting CAVP validations with a new system once released. NIST is (at least partially) automating the processing for the current “flow” for CAVP testing, where CAVS is used to produce req/sam files and the IUT produces rsp files.
  • NIST will eventually (no date provided) release version 1.0 of a separate automation system described here which will replace the current CAVS system entirely. Once this is released, NIST is hoping to move away from CAVS over the span of 6 months.
  • NIST will start charging fees for algorithm validations starting Oct. 1, 2019.

Please don’t hesitate to contact us at ATE@leidos.com if you have any questions or comments.

Implementation Guidance (IG) Updates

On Nov. 5, the CMVP provided the draft IGs for IG 9.4 and IG 9.11 along with combined Lab comments for each. Don’t hesitate to reach out to Leidos if you have any questions on the proposed updates to these IGs.

Additionally, the following changes will be made to the IG document:

  • General: Changed all references of Communications Security Establishment (CSE) to Canadian Centre for Cyber Security (CCCS).
  • IG G.2 - Completion of a test report: Information that must be provided to NIST and CSE – Added acceptance of draft certificate submissions from the CST lab to the CMVP in the RTF format (but still recommending DOC or DOCX formatting).
  • IG G.13 - Instructions for Validation Information Formatting – Added a certificate caveat example to Section 4 starting with “When installed, initialized and configured…”. Also updated footnotes in Section 10 for clarity on CVL references and removed the text “allowed in approved mode” since it is already understood that these algorithms are allowed in FIPS mode. Additionally, corrected the Triple-DES example in Section 10 to reference an approved certificate. Finally, updated Section 8 to require the tested processor(s) within the Configuration field on the Certificate with examples.
  • IG G.17 - Remote Testing for Software Modules – Updated Resolution bullet 2 to specify that cloud environments are prohibited specifically for 3rd party vendors where the lab does not have control of the environment for testing.
  • IG 14.5 - Critical Security Parameters for the SP 800-90 DRBGs – Removed Additional Comment #2 as “full entropy”, in this context, is an unreasonable expectation.

Leidos anticipates the CMVP publishing the aforementioned updates within the next couple of weeks.

Leidos experts are available to help with any questions or concerns regarding the industry updates mentioned above. Please contact us at ATE@leidos.com and we will be happy to assist.

Common Criteria

Leidos at International Common Criteria Conference (ICCC): Oct. 30 – Nov. 1

After a two-year hiatus, the International Common Criteria Conference (ICCC) returned this year. This year’s conference was held from 10/30 – 11/1 in Amsterdam. Participants by and large seem to be satisfied with the current international Technical Community approach to the creation and use of Protection Profiles. However, there are a number of key points moving forward that vendors and laboratories will need to be aware of to ensure that they understand the needs of government users, specifically:

  • EU cybersecurity programs – the EU as a whole is becoming more involved with cybersecurity, rather than leaving it primarily to its constituent nations. The European Union Agency for Network and Information Security (ENISA) has a proposed framework for cybersecurity certification standards for its member states. Historically, Common Criteria has been used in various EU countries (e.g. through SOGIS for smart card validation) so any such framework would likely continue to use CC in some form.
  • Emerging technologies – a continual complaint of CC has been the cost and time involved in completing evaluations. This has been offset to some extent for emerging technologies through the creation of Protection Profiles that allow for relatively fast evaluations at costs that make sense for the product; however, the standard currently has no good way of handling IoT devices. These devices are relatively inexpensive, come to market quickly, have fast product lifecycles, and have a relatively high security impact if compromised. Participants agreed that if CC is to be used as a method to evaluate IoT devices, then it is necessary to produce materials that allow for rapid and low-cost evaluations that focus on a small number of high-impact threats. A six-month evaluation plus any necessary preparatory time is simply too much time for IoT device makers and users to see any real benefit from completing a certification, due to the rapid pace of obsolescence with these technologies.

In addition to this, there was much discussion around the notion of expediting evaluations for vendors that have taken numerous products through the certification process already. Standards such as O-TTPS exist to ‘certify’ organizations and product lines, such that their products are automatically assumed to have some degree of security assurance, but adoption of this standard so far has been minimal. CC used to require evaluations of developer sites and development processes through ALC_DVS (previously done at EAL3 or higher), but this is not part of any published Protection Profile. Vendors who repeatedly evaluate the same products argue that after a certain point, it should be possible to trust their development processes, since their development staff repeatedly demonstrate knowledge of the applicable CC requirements and regularly demonstrate conformance to them. As of right now, the only method of expediting re-testing is to re-use test plans and procedures, but this may still result in a labor-intensive evaluation process. Nothing was formally proposed or discussed, but this is going to be something worth paying attention to in the near future.

Overall, it was very encouraging to see that, after two years without any worldwide conferences for the standard, interest from all stakeholders remained high.

About the author
Leidos AT&E Lab Management

The Leidos AT&E Lab Management team consists of security certification experts that are on the forefront of Common Criteria and Crypto Security (notably FIPS 140-2) industry updates.

Posted

November 30, 2018
