{"id":2340,"date":"2024-06-14T20:08:46","date_gmt":"2024-06-14T18:08:46","guid":{"rendered":"http:\/\/10.0.1.197\/?p=2340"},"modified":"2024-06-14T20:08:46","modified_gmt":"2024-06-14T18:08:46","slug":"changes-coming-to-niap-entropy-assessment-reports-in-2025","status":"publish","type":"post","link":"http:\/\/192.168.0.78\/changes-coming-to-niap-entropy-assessment-reports-in-2025\/","title":{"rendered":"Changes Coming to NIAP Entropy Assessment Reports in 2025"},"content":{"rendered":"\n
\u201cWhat do you say to a room full of DRBGs standing around you? Everyone, please be seeded.\u201d<\/em> For the rest of the calendar year (CY24), EARs do not require an ESV certificate, and vendors using third-party entropy sources can provide clearly stated estimates of how much entropy their third-party solution provides. That said, getting a head start and going through an ESV assessment to get a certificate can help you prepare for both FIPS and NIAP CC evaluations, and can be used to strengthen your EAR for NIAP before the change goes into effect.<\/p>\n\n\n\n If you\u2019re uncertain how to approach these changes, we\u2019re always available to answer questions via phone or email, and Quin and our other testers have already taken training to understand how to navigate the road ahead. Rest assured, we\u2019ll approach it with a light heart.<\/p>\n\n\n\n You can read NIAP\u2019s announcement regarding the upcoming changes on their website in Labgram #118\/Valgram #137<\/a>, and a more detailed overview of the changes is available in NIAP\u2019s Clarification to the Entropy Documentation and Assessment Annex<\/a> document.<\/p>\n","protected":false},"excerpt":{"rendered":" \u201cWhat do you say to a room full of DRBGs standing aroun […]<\/p>\n","protected":false},"author":2,"featured_media":2341,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[15,12],"tags":[],"_links":{"self":[{"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/posts\/2340"}],"collection":[{"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/comments?post=2340"}],"version-history":[{"count":1,"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/posts\/2340\/revisions"}],"predecessor-version":[{"id":2342,"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/posts\/2340\/revisions\/2342"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/media\/2341"}],"wp:attachment":[{"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/media?parent=2340"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/categories?post=2340"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/192.168.0.78\/wp-json\/wp\/v2\/tags?post=2340"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\u00a0 -Quin, atsec tester<\/strong>
When things change, it can help to approach that change with a light heart like this.
Recently, NIAP announced that Entropy Assessment Reports (EARs) must include a NIST Entropy Source Validation (ESV) certificate starting at the turn of the year on January 1st, 2025. This change will be most felt by vendors using third-party entropy sources, as it will be necessary for those third-party entropy sources to have an ESV certificate that can be used in the EAR; for vendors using their own software or hardware entropy sources, comprehensive documentation will be required for the ESV assessment, along with more stringent testing.<\/p>\n\n\n\n