• 博客(76)
  • 收藏
  • 关注

原创 现代网络架构PCI DSS合规范围确定和网络分割措施实施探讨

本文档主要探讨云环境和现代网络架构的分割控制,并为有关组织提供如何将传统网络安全原则适用于具有动态性和分布式特性的现代网络架构环境的建议,以支持组织更好的符合 PCI DSS标准要求。

2024-11-29 21:41:16 966

原创 Final Call to Submit for Interim Validation

The CMVP is moving back to its normal certification process, which means interim submissions are being closed.

2024-11-28 09:04:49 280

原创 atsec at the PCI Community Meeting 2024

The PCI (Payment Card Industry) Security Standards Council had its 2024 Asia-Pacific Community Meeting in Hanoi, Vietnam from the 20th to the 21st of November, and atsec both hosted a booth and gave a presentation at the conference.

2024-11-26 09:03:49 278

原创 atsec at the CCUF and ICCC24 in Qatar

This last Sunday, members of theCommon Criteria User Forum(CCUF) gathered in Qatar for the 26thCCUF Workshop to discuss several pertinent topics, including the ISO updates, iTC support, and the CCRA.

2024-11-05 15:16:47 835

原创 Strengthening IoT Security: The Role of SESIP Certification

The rapid expansion of the Internet of Things (IoT) revolutionized industries, cities, and homes, connecting billions of devices to streamline operations and enhance everyday life.

2024-10-10 08:57:37 1091

原创 ICMC 2024 Update

It was nice to see our colleagues, partners, and friends in person at the ICMC 2024 in San Jose;

2024-10-10 08:57:10 147

原创 PCI支付卡产业第三方服务供应商TPSP的管理与实践

本文主要探讨如何识别在PCI DSS审核范围内的第三方服务提供商(TPSP),并且分享从引入TPSP到日常管理TPSP的一系列最佳实践方法,以达到PCI DSS的合规要求,最终确保持卡人数据得到有效保护。

2024-10-08 20:48:51 819

原创 The NCCoE’s Automation of the CMVP

The NCCoE presented an update for the Automated CMVP at ICMC 2024 – we have a bit more detail on atsec’s involvement!

2024-09-23 09:28:51 821

原创 ICMC 2024 has Arrived, and We’ll See You There

It’s finally time for the International Cryptographic Module Conference this year! ICMC 2024 will perhaps be the most energized ICMC to date, as post-quantum cryptography (PQC)

2024-09-19 09:13:21 965

原创 Exciting Milestone: First atsec Cybersecurity Certificates Issued for Common Criteria

We are thrilled to announce that atsec’s Certification Body (CB) officially issued its first cybersecurity certificates for Common Criteria.

2024-08-29 10:34:27 603

原创 atsec出席2024 PCI社区会议

atsec将参加2024年11月20日和21日在越南河内举行的支付卡产业安全标准委员会(PCI SSC: Payment Card Industry Security Standards Council)亚太社区会议,并与往年一样设置展位。

2024-08-27 14:36:30 268

原创 First Post Quantum Cryptographic Algorithm Certificates Issued

NIST published the final version of FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA) on August 13, 2024, making the first post-quantum cryptographic (PQC) algorithms official and wrapping up an eight-year effort to prepare us.

2024-08-19 09:53:14 1089

原创 atsec再次成为2024-2026年度的PCI GEAR成员

atsec自2018年PCI GEAR成立之初就加入了PCI GEAR。2024年,atsec是PCI GEAR的33个成员之一,致力于在全球范围内保护支付数据。作为战略合作伙伴,圆桌会议成员代表评估者社区为PCI安全标准委员会(SSC:Security Standards Council)的计划和项目带来了产业、地域性和技术性的见解。

2024-08-15 09:11:27 814

原创 atsec增加Swift CSP评估资质

atsec信息安全评估员现已被Swift列为Swift客户安全计划(CSP:Customer Security Programme)认证评估员目录中的评估提供商,可以帮助全球金融机构评估其针对CSP强制性和咨询性控制的合规级别。在金融行业,Swift要求使用其消息平台的金融机构接受独立评估提供商的评估,以加强围绕其金融消息服务的安全生态系统。

2024-08-06 14:40:53 393

原创 Guiding the Way through the World of Cyber Security

It is atsec’s firm belief that effective security assurance can only truly be accomplished when the product developers proactively incorporate security requirements they thoroughly understand.

2024-08-06 08:48:44 618

原创 First SP800-140Br1 Compliant FIPS 140-3 Certificates

​On July 11th, 2024, the first three FIPS 140-3 certificates forNIST’s SP800-140Br1pilot program were posted on the NIST website. atsec information security was one of the labs that took part in the pilot program.

2024-07-15 10:51:03 755

原创 Changes Coming to NIAP Entropy Assessment Reports in 2025

Recently, NIAP announced that Entropy Assessment Reports (EARs) must include a NIST Entropy Source Validation (ESV) certificate starting at the turn of the year on January 1st, 2025.

2024-06-17 08:46:13 522

原创 支付卡产业最新发布PCI DSS v4.0.1

自2022年3月PCI DSS v4.0发布以来,受到全球支付产业高度关注,为了解决来自所有产业相关者的反馈和问题,PCI安全标准委员会(PCI SSC)发布了该标准的修订版PCI DSS v4.0.1。其中包括对格式和印刷错误的更正,也澄清了一些要求和指南的重点和意图。本修订版中没有附加或删除的要求内容。

2024-06-13 10:49:39 601

原创 BSI NESAS CCS-GI Scheme Updates

We'd like to inform our customers and partners that the German Federal Office for Information Security (BSI) recently published new documents approving the use of additional Security Assurance Specifications (SCAS).

2024-06-11 10:11:03 914

原创 EUCC and Cybersecurity Certification in Europe

​The European Union Agency for Cybersecurity (ENISA) hosted acybersecurity certification conferenceon April 18, 2024, in Brussels, Belgium. The conference very much focused on the implementation of the EUCC - European Cybersecurity Certification Scheme.

2024-04-24 09:20:28 617

原创 atsec Adds FIDO Evaluation Qualification

atsec information security (branded as “atsec”) has been qualified by the FIDO Alliance as one of the FIDO Accredited Security Laboratories to evaluate the authenticator products.

2024-04-11 09:29:52 531

原创 atsec AB first IEEE 2621 Accredited Medical Device Testing Facility

atsec AB Stockholm, Sweden is thrilled to announce: We are the first IEEE Authorized Testing Facility!

2024-04-08 11:14:32 565

原创 BREAKING NEWS: c@tsec information security Unveils Revolutionary Quantum Computer

April 1, 2024 – Austin, TX: In a groundbreaking announcement today, c@tsec information security, a subsidiary of atsec information security, and the leader in quantum computing technology, proudly unveils its latest innovation: the Quantum PurrProcessor™.

2024-04-01 14:05:26 895

原创 XDRGB - Random Bit Generator using any XOF

Resulting from a joint collaboration between John Kelsey (NIST), Stefan Lucks (Bauhaus-Universität Weimar, Germany) and Stephan Müller (atsec information security), a new deterministic random bit generator (DRBG) is published.

2024-03-28 09:27:06 402

原创 PCI产业概述和产业发展动态分享

我们是从商户购买商品或服务的“支付卡的持卡人”,商户向收单机构发送支付交易数据,收单机构通过卡组织的支付网络向发卡机构发送支付业务数据。发卡机构是实际向持卡人发卡的机构,持卡人执行支付交易时,发卡机构都会向商户的收单银行提供交易授权或拒绝。收单机构和发卡机构需要交换支付信息来完成交易的过程称为“清算”(Clearing)。商户银行(收单机构)为持卡人的购买向商户付款以及持卡人的银行(发卡机构)向持卡人开具账单的过程称为“结算”(Settlement)。

2024-03-25 11:00:14 777

原创 PCI DSS针对恶意脚本防范的新要求及其方案探讨

2022年3月,支付卡行业安全标准委员会(PCI SSC)公布了PCI DSS v4.0版本。新的PCI DSS版本中引入了有关恶意脚本防范的新要求,特别是条款6.4.3和条款11.6.1。本文旨在探讨条款6.4.3和11.6.1的具体技术要求、对信息安全的影响以及如何实施其安全方案以满足这两项新要求。

2024-03-19 12:18:08 1769

原创 Happy Pi Day

To All our Math lover colleagues, Happy Pi Day.

2024-03-14 14:18:49 438

原创 Crypto Module Bootcamp 2024

On Tuesday, February 27, 2024, atsec information security hosted a free day-long hybrid event on the Concordia University campus in Austin, TX.

2024-03-11 09:39:11 882

原创 PCI PIN标准相关截止时间的解读以及近期重要信息分享

众所周知,PIN(个人识别码)数据用于在终端发出的授权请求中对持卡人进行身份验证。PIN仅由十进制数字组成。PIN码也经常被大家俗称为信用卡的密码。因此,PIN码属于机密性最高的支付认证数据。PCI标委会针对PIN数据保护专门出台了用于保护PIN数据以及相关密钥数据的安全标准 “PCI PIN安全要求和测试程序。本文重点对PCI PIN标准提及的一些安全要求点的截止时间进行了解读,并介绍了近两年来产业内关于PCI PIN标准的一些重要信息。

2024-03-05 16:27:36 2023 1

原创 来自atsec的节日祝福!

全体atsec团队祝福我们的同事、客户、合作伙伴以及供应商圣诞快乐,新年快乐。

2023-12-21 11:23:20 476

原创 A FIPS 140-3 compliant hybrid KEM algorithm

In addition to the sole use of Kyber KEM, a hybrid mechanism using X25519 can be devised that acts as a drop-in replacement for Kyber KEM.

2023-12-06 09:10:12 1610

原创 PQC: Kyber and Dilithium - State of the (Draft) Standards

On November 15 2023 NIST announced that the three algorithms will be available for testing at the ACVP Demo service.

2023-11-21 10:43:22 255

原创 atsec at the PCI Community Meeting 2023

atsec participated in the PCI (Payment Card Industry) Security Standards Council 2023 Asia-Pacific Community Meeting held in Kuala Lumpur, Malaysia, on 15 and 16 November and hosted a booth.

2023-11-17 11:41:47 144

原创 atsec at the International Common Criteria Conference 2023

As in previous years, atsec is attending the International Common Criteria Conference, this time in Washington DC from October 31st to November 2nd 2023.

2023-11-01 09:00:19 440

原创 Cybersecurity Requirements for Medical Devices

On September 26, 2023, The Food and Drug Administration (FDA) released their finalized Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions guidance document.

2023-10-16 09:50:51 189

原创 PCI 3DS 技术常见问题解答(FAQ)简介

备选的HSM管理要求从如何加强认证操作人员身份(采用多因素认证方式)、采用安全通道、双人操作和知识分离方式、经过安全认证的安全加密设备(SCD:Secure Cryptographic Device)对密钥进行操作等方面入手确保实现对HSM的安全管理,做到了在不降低安全要求级别的前提下,极大的减少对3DS实体对HSM的操作限制,有效的提供了3DS实体的操作效率。对于PCI 3DS评估,机构除了需要符合PCI 3DS核心安全标准的要求,还需要考虑PCI 3DS 技术FAQ“

2023-10-08 09:46:14 393

原创 The 11th International Cryptographic Module Conference

​The11th International Cryptographic Module Conference (ICMC)started today. This year the conference is held from September 20th to 22nd 2023 at the Shaw Center in Ottawa Canada.

2023-09-21 16:29:41 134

原创 Artificial Intelligence in Evaluation, Validation, Testing and Certification

Everybody seems to jump on the AI bandwagon these days, “enhancing” their products and services with “AI.” It sounds, however, a bit like the IoT hype from the last decade when your coffee machine desperately needed Internet access.

2023-09-13 14:56:03 142

原创 atsec出席2023年PCI社区会议发表主题讲演

atsec将参加2023年11月15日至16日在马来西亚举办的PCI亚太地区社区会议(PCI Community Meeting),并发表技术讲演和分享。

2023-09-07 10:23:05 137

原创 Entropy Source Validation (ESV) Certificate Issued for the Intel DRNG

Recently the CMVP has granted ESV certificate #E57 to the Intel DRNG entropy source. The testing and submission was done by atsec and it marks the first ESV certificate granted to the Intel DRNG.

2023-08-21 13:11:51 151

空空如也

空空如也

TA创建的收藏夹 TA关注的收藏夹

TA关注的人

提示
确定要删除当前文章?
取消 删除