News

Proofpoint's Email Security and Data Loss Prevention Solution Undergoes Rigorous Common Criteria Evaluation Process

Proofpoint, Inc., the leading provider of unified email security and data loss prevention solutions, today announced that the Proofpoint Protection Server(R) version 5 software is officially in evaluation for an EAL2+ certification under the Canadian Communications Security Establishment's (CSE) Common Criteria Evaluation and Certification Scheme (CCS). Common Criteria evaluation is mandated for commercial information security products purchased by governments worldwide, including the United States government. Proofpoint's decision to undergo Common Criteria evaluation further demonstrates the company's commitment to delivering the highest quality solutions to government organizations worldwide.

http://www.earthtimes.org/articles/show/proofpoints-email-security-and-data-loss-prevention-solution-undergoes-rigorous,311781.shtml

 

GlobalSCAPE achieves FIPS 140-2 validation through EWA-Canada

“Today, more than ever, there is an implicit concern about protecting and securing sensitive files,” said Erin Connor, lab director at EWA-Canada, the independent, third-party FIPS 140-2 testing lab that tested the GlobalSCAPE module for FIPS 140-2 validation. “With the validation of the cryptographic module in its Secure FTP Server solution, GlobalSCAPE has taken a significant step in ensuring its users that their files are safe and private. Throughout the process, GlobalSCAPE easily met all of the stringent requirements and testing to achieve FIPS 140-2 validation, resulting in a solution that not only adheres to the standard but offers the functionality and features needed to keep pace in today’s marketplace.”

GlobalSCAPE’s Secure FTP Server Cryptographic Module Achieves FIPS ...

 

1 Feb 2008 - EWA-Canada SCAP Test Lab Accreditation awarded by NIST & NVLAP: NIST lists SCAP-validated tools

EWA-Canada’s IT Security Evaluation & Test (ITSET) laboratory was the first lab accredited by the National Institute of Standards and Technology (NIST) and the National Voluntary Laboratory Accreditation Program (NVLAP) to perform Security Content Automation Protocol (SCAP) testing under the Information Security Automation Program.

The Information Security Automation Program (ISAP) is a U.S. government multi-agency initiative to enable automation and standardization of technical security operations. The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance). US Federal agencies must use certified tools to determine and verify that their systems are using the NIST-approved standard configuration(s). Vendors' tools that claim SCAP conformance can now be validated.

EWA-Canada’s ITSET lab is also an accredited Common Criteria Test Lab (CCTL, or CLEF – Commercial Lab Evaluation Facility) and a device certification agent for the Payment Card Industry (PCI) and the Interac® Association (Canada’s financial services network). The accreditation to perform SCAP testing expands our accreditation to perform FIPS 140 Cryptographic Module testing and FIPS 201 Personal Identity Verification (PIV) testing as a NVLAP Cryptographic and Security Testing lab. This new capability expands EWA-Canada’s commitment to offer its clients one-stop shopping for all of their IT Security certification and validation testing needs.

Telcos Face Enormous Challenges Building New IP Apps

The world's telephone companies and their suppliers gathered in Monte Carlo this spring for some high-stakes activity that had nothing to do with baccarat tables or roulette wheels. The focus of their high-level powwow was IP Multimedia Subsystem, or IMS, the technology that most big telcos had once identified as the industry-saving platform for creating more IP applications more quickly, enabling them to finally escape their dependence on a handful of commodity services.

http://www.informationweek.com/story/showArticle.jhtml?articleID=204803041  

The eight most dangerous consumer technologies

In a recent survey of corporate users by Yankee Group Research, 86% of the 500 respondents said they had used at least one consumer technology in the workplace, for purposes related to both innovation and productivity. Unfortunately, this trend poses problems for IT organizations. For one thing, the use of these technologies increases the risk of security breaches. Moreover, users expect IT to support these devices and services, especially once they interact with applications in the corporate environment.
http://www.networkworld.com/news/2007/091007-the-eight-most-dangerous-consumer.html?inform

Five technologies most likely to make a splash in 2007

It seems like every month a new technology emerges with the potential to change everything. Technology writers and analysts get hyperexcited. Everyone starts patting one another on the back and hugging. And two years later, we're still talking about the promise of that technology, with little to show in the here and now.

http://www.itworldcanada.com/Pages/Docbase/ViewArticle.aspx?id=idgml-1ed00a5a-d9ac-48c8&sub=391762

 

Gartner's Good, Bad and Ugly for 2007

The Good
By 2010, the average total cost of ownership of new PCs will decrease by 50%. The growing importance and focus on manageability, automation and reliability will help differentiate PCs in a market that is increasingly commoditized. Many of the manageability and support tools will be broadly available across multiple vendors. Vendors that can graduate from claims of mere "goodness" to concrete examples of cost savings will have an advantage.

The Bad
By the end of 2007, 75% of enterprises will be infected with undetected, financially motivated, targeted malware. These attacks will evade traditional perimeter and host defenses. The threat environment is changing: Targeted attacks for financial gain are increasing, and automated malware generation kits allow simple creation of thousands of variants quickly. But our security processes and technologies haven't kept up.

The Ugly
Through 2011, enterprises will waste $100 billion buying the wrong networking technologies and services. Enterprises are missing out on opportunities to build a network that would put them at a competitive advantage. Instead, they follow outdated design practices and collectively will waste at least $100 billion over the next five years.

Source: Gartner Inc., 2006

Common Criteria

Due to fiscal constraints, beginning on October 1, 2006, for FY07, the NIAP CCEVS will only accept Medium and High Robustness PP compliant products in support of National Security customers.

http://www.niap-ccevs.org/cc-scheme/

New CCS Instruction #2: In order to maintain a high quality evaluation and certification service, the CCS will introduce an evaluation prioritization process on 31 January 2007.

http://www.cse-cst.gc.ca/services/common-criteria/common-criteria-e.html

 

Common Criteria

BlackBerry Enterprise Server and BlackBerry Device Software Gain International Security Accreditation:

Rome, Italy - Research In Motion (RIM) (NASDAQ:RIMM)(TSX:RIM) today announced that its BlackBerry® Enterprise Server and BlackBerry® device software have been awarded Common Criteria Evaluation Assurance Level 2 augmented (EAL 2+) validations. The certifications were awarded at the 8th International Common Criteria Conference in Rome and acknowledge the robust security features of the BlackBerry® Enterprise Solution.

http://www.rim.com/news/press/2007/pr-25_09_2007-02.shtml

 


FIPS

GlobalSCAPE's Enterprise EFT Server and Secure Server Cryptographic Module on Track for FIPS Security Standards Certification:

GlobalSCAPE (AMEX:GSB), a leading provider of products that allow companies to move, store and share files securely over the Internet, announced that the Cryptographic Module to be embedded in its Secure Server and flagship, enterprise-class EFT Server products, has satisfied Federal Information Processing Standards (FIPS) pre-validation requirements. The Cryptographic Module has been placed on the FIPS 140-2 pre-validation list and now awaits the final certification review. EWA Canada, contracted by GlobalSCAPE to perform the validation testing, submitted GlobalSCAPE's Cryptographic Module package and test report to NIST for review; certification is expected in Q1 2008.

http://www.pr-inside.com/globalscape-s-enterprise-eft-server-and-r261587.htm

 


Payment Card Industry

Canada is not only moving to chip and PIN but also NFC.

RBC and Visa Canada are teaming up to be the first in Canada to pilot a mobile payment service that uses cell phones rather than traditional credit cards for making Visa purchases. The Ontario-based pilot is expected to be completed in 2008. As part of the pilot, mobile devices will be embedded with Near Field Communication (NFC) contactless chips.

http://www.contactlessnews.com/news/2007/11/02/canada-is-not-only-moving-to-chip-and-pin-but-also-nfc/

With Canada and Mexico rapidly moving towards EMV deployment, witness the world’s largest player in the credit card market, the United States, left out in the cold. Some say it’s not a matter of if, but when, the U.S. will implement EMV. One reason: once its northern and southern neighbors are EMV-compliant, crooks may find much easier pickings in the U.S. - Secure ID News March 22 07

The European Parliament's Scientific Technology Options Assessment group has published a study of RFID technology used daily in Europe, including credit cards, passports, and retail applications. The study covers the benefits of RFID technology and the potential for misuse of the data generated.

http://www.eweek.com/article2/0,1895,2159666,00.asp

 

MCDONALD'S CANADA ANNOUNCES PLANS TO ACCEPT MASTERCARD PAYPASS & CHIP CARDS
Source: Canada News wire (06/25)

McDonald's Restaurants of Canada announced plans to accept two new payment options that will give its customers a convenient alternative to cash. McDonald's will begin installing MasterCard's PayPass readers and chip card terminals in some of its 1,400 restaurants across Canada as early as 2008. "We're excited about our plans to further enhance the customer experience through these new payment options," said Laurie Laykish, Senior Vice-President Marketing & Strategic Planning, McDonald's Restaurants of Canada. "We are always listening to our customers and responding with new innovations to meet the needs of their on-the-go lifestyles, whether it be with drive-thru's, menu choices or, in this case, more convenient payment options." "We are pleased to be working with McDonald's to provide their customers with the tap and go convenience of MasterCard(R) PayPass(TM)," said Kevin Stanton, President of MasterCard Canada.


MasterCard Canada is a member of ACT Canada; please visit http://www.mastercard.ca

 

Identity Management

EDS SELECTED BY GSA FOR $66 MILLION HSPD-12 IDENTITY MANAGEMENT SERVICES CONTRACT FOR FEDERAL AGENCIES
Source: EDS (04/25)

EDS announced it has been selected by the U.S. General Services Administration to provide identity management services to federal government civilian agencies. These services will allow agencies to comply with Homeland Security Presidential Directive 12 (HSPD-12), which calls for a mandatory government-wide standard for a secure common form of identification for all federal government employees and contractors. The single award GSA Federal Supply Schedule task order is worth $66 million and will run through September 2011 if all options are exercised. Under this contract, the EDS team will support GSA in issuing identity credentials to approximately 420,000 employees at 42 federal civilian agencies. EDS will provide a shared service solution for end-to-end managed services for core HSPD-12 system components

EDS is a member of ACT Canada; please visit http://www.eds.com

 

Cyber Crime

 

The Biggest Threat from Cyber Warfare Lies in the Future!

By Stephen Fidler

Published: September 8 2007

The lights go out; the internet goes down. Banks close; cash machines fail. Radio and television stations stop broadcasting. Airports and railway stations bar their doors. City streets are jammed with traffic. After a long night of uncertainty, power and communications are still blacked out - in fact, they might not come back for months. People start to panic and, as looters emerge, police are unable to restore order. With savings out of reach, the only things of value are fuel, food and water.

http://www.ft.com/cms/s/0/725fecb2-5da3-11dc-8d22-0000779fd2ac.html

 

Conferences

 

International Common Criteria Conference in Rome

EWA-Canada will be making three (3) presentations at the International Common Criteria Conference in Rome next week. Topics include "Developer Documentation - A Who to guide", "Certification maintenance using assurance continuity EWA-Canada experience" and "Synergies of the Common Criteria with other standards".

More information on the conference can be found at: http://www.8iccc.com/