CAVP, FIPS, and Securing Cryptography Systems

Apr 17, 2024 Lazarus Alliance 0 Comment

Continuum GRC ITAM software interface used by Lazarus Alliance for efficient Common Criteria audits.

Most security standards, including government standards, require cryptography. We are generally familiar with implementing a cryptographic algorithm that meets these requirements and calling it a day. However, to ensure security, NIST also publishes standards for validating encryption modules to ensure they serve their purpose under federal standards.

Here, we’re discussing the Cryptographic Algorithm Validation Program and its relationship to closely related standards and programs, such as Federal Information Processing Standards and the National Voluntary Laboratory Accreditation Program.

NIAP and Protection Profiles

Apr 10, 2024 Lazarus Alliance 0 Comment

Professional team at Lazarus Alliance reviewing ISO/IEC 15408 standards for a Common Criteria audit.

IT security in the federal market is layered and multifaceted. Specific requirements exist for different types of data platforms and technologies. At a more granular level, standards have been developed for individual IT products: NIAP Protection Profiles.

This article will cover why these profiles are essential for federal security, how to find them, and what to do if there isn’t an available profile to follow.

FedRAMP and Penetration Testing Guidance Updates in 2024

Mar 27, 2024 Lazarus Alliance 0 Comment

Innovative FedRAMP compliance standards by Lazarus Alliance

Recently, the FedRAMP program (via the OMB) released a request for feedback on new guidance documentation for penetration testing under the program. The new guidance standards target organizations and 3PAOs undergoing or performing penetration tests under FedRAMP requirements.

The new guidance addresses new attack vectors targeting subsystems in IT infrastructure.

Here, we’ll cover his newest draft about new guidance standards for FedRAMP penetration testing.