Cisco Blogs


Cisco Blog > Government

ICCC 2013: Improving Common Criteria Standards for New Technologies

In order for government and enterprise organizations to keep their data secure from increasingly advanced cyber threats, security solutions and protocols are critical. However, these organizations must ensure that their chosen security solutions meet key security criteria, are standards based, perform as expected and interoperate reliably with existing technology.

The challenges above are why Common Criteria was created. Common Criteria is an international standard for IT product security and reliability. In fact, many governments will not use security products that don’t meet Common Criteria standards.

This year, the International Common Criteria Conference is being held in Orlando, Florida from September 10-12. The conference is a place for Certification Bodies, Evaluation Laboratories, Researchers, Evaluators, Product Makers and Buyers and Sellers to come together and exchange ideas in order to improve Common Criteria.

Cisco will lead multiple sessions covering topics like Cryptography, Network Device Protection Profiles, Improving Common Criteria and Marketing Common Criteria.

Details on the speaking sessions presented by and in collaboration with Cisco are below:

  • Keynote Speaker: CCUF Perspective

September 11 from 9-9:30AM ET

Alicia Squires, Cisco, CCUF Chair

  • Marketing the New CC

September 11 from 9:30-11AM ET

Moderator: Mark Loepker, NIAP, CCES Chair

Panelists: Joshua Brickman, Oracle; Jen Gilbert, Cisco; Matt Keller, Corsec; Eric Winterton, Booz Allen Hamilton.

  • Entropy Sources -- Industry Realities and Evaluation Challenges

September 11 from 10-10:30AM ET

Alicia Squires: CISSP, Product Certification Engineer, Cisco Chair, CCUF Management Group

  • Cryptography and Common Criteria

September 11 from 11:30-12PM ET

Ashit Vora, Manager, Common Criteria Certification, Cisco and Chris Brych, Manager, Security Certifications, SafeNet, Inc.

  • Lessons and Recommendations from Evaluating Against NDPP in Three Different Schemes

September 11 from 5-5:30PM ET

Terrie Diaz, Product Certification Engineer, Cisco and Ashit Vora, Manager, Common Criteria Certification, Cisco

  • Widening the Use of CC for End Users Worldwide

September 12 from 9:30-11AM ET

Moderator: Michele Mullen, Director, ATA, CSEC

Adam Golodner, Director, Global Security & Technology Policy, Cisco; Steve Lipner, Microsoft; Blackberry (INVITED); Ericsson (INVITED)

Tags: , , , , , ,

David McGrew Discusses Legacy Encryption Solutions with Mike Danseglio of 1105 Media at RSA 2013

Today, many encrypted networks use insecure cryptography. Attackers exploiting weak cryptography are nearly undetectable, and the data you think is secure is less safe every day. Legacy encryption technology can’t keep up with current advances in hacking and brute force computing power. Additionally, legacy solutions are increasingly inefficient as security levels rise, and perform poorly at high data rates. In order to stay ahead of this challenge, encryption needs to evolve.

Read More »

Tags: , , , , , , ,

Who really broke Enigma?

October 16, 2012 at 8:28 am PST

Some of the best conversations happen in private exchanges and I often wish we could all benefit more broadly.  This most recent conversation was instructive in and of itself but it also pointed out a level of transparency both Jimmy Ray and I prefer.  So hopefully it goes to say -- we welcome your input! We certainly don’t get it right all the time!

Episode 119 featured Next Generation encryption and we mistakenly attributed Great Britain with breaking Enigma. One of our Cisco fans from Warsaw, Bartlomiej (Bartek) Michalowski, sent us a note.

Read More »

Tags: , , , ,

Next Generation Encryption Algorithms

Over the years, numerous cryptographic algorithms have been developed and used in many different protocols and functions. Cryptography is by no means static. Steady advances in computing and in the science of cryptanalysis have made it necessary to continually adopt newer, stronger algorithms, and larger key sizes. Older algorithms are supported in current products to ensure backward compatibility and interoperability. However, some older algorithms and key sizes no longer provide adequate protection from modern threats and should be replaced.

Over the years, some cryptographic algorithms have been deprecated, “broken,” attacked, or proven to be insecure. There have been research publications that compromise or affect the perceived security of almost all algorithms by using reduced step attacks or others (known plaintext, bit flip, and more). Additionally, every year advances in computing reduce the cost of information processing and data storage to retain effective security. Because of Moore’s law, and a similar empirical law for storage costs, symmetric cryptographic keys must grow by 1 bit every 18 months. For an encryption system to have a useful shelf life and securely interoperate with other devices throughout its life span, the system should provide security for 10 or more years into the future. The use of good cryptography is more important now than ever before because of the very real threat of well-funded and knowledgeable attackers.

Next Generation Encryption (NGE) technologies satisfy the security requirements described above while using cryptographic algorithms that scale better. For more information on Legacy, Acceptable, Recommended and NGE algorithms that should be avoided or used in your networks, you can refer to our latest Whitepaper.

Tags: , , ,

Cisco Unified IP Phones earn FIPS Certification!

March 9, 2012 at 1:37 pm PST

The Global Certification Team is proud to announce the FIPS 140-2 Crypto certification of the 6900 and 7900 Series IP Phones.

The phones received FIPS certificate #1647 for Models 6901 and 6911 and Certificate #1650 for 6921, 6941, 6945, and 6961.  Finally the 7906G, 7911G, 7931G, 7941G, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G, 7971GE, and 7975G were awarded FIPS certificate #1689.

Take full advantage of converged voice and data networks while retaining the convenience and user-friendliness you expect from a business phone. Cisco Unified IP Phones can help improve productivity by meeting the needs of users throughout your organization. Advanced media endpoints in this innovative suite of Cisco Unified IP Phones enhance the end-user experience.

6900 Series on Cisco.com

7900 Series Phones on Cisco.com

FIPS-140 is a US and Canadian government standard that specifies security requirements for cryptographic modules. A cryptographic module is defined as “the set of hardware, software, and/or firmware that implements approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.” The cryptographic module is what is being validated.

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,