Carahsoft, in conjunction with its vendor partners, sponsors hundreds of events each year, ranging from webcasts and tradeshows to executive roundtables and technology forums.

Government Events and Resources

Events

Thales_LOGO_.png
Thales Trusted Cyber Technologies (TCT)

CTO Sessions: Quantum-Resistant Code Signing


Event Date: April 25, 2024
Hosted By: Thales TCT & Carahsoft

Stateful hash-based signature (HBS) schemes are digital signature schemes believed to be resistant to the threat posed by a cryptographically relevant quantum computer. NSA’s CNSA 2.0 encourages vendors to adopt stateful HBS schemes as defined in SP 800-208 immediately for all software and firmware code signing, with a requirement to support them by 2025.

SP 800-208 requires that all stateful HBS key generation and signature algorithms be implemented within a FIPS 140 certified HSM with level 3 physical security.  Furthermore, the HSM “shall not allow for the export of private keying material.” This is intended to ensure that the state of the OTS signature keys is always enforced and keys are never reused, which would introduce cryptologic vulnerabilities into the signature scheme.

Attendiees of this webcast learned about Thales TCT’s SP800-208 Compliant Code Signing Solution. Thales TCT’s crypto-expert, Evan Pelecky, discussed topics including:

  • What stateful HBS schemes are
  • How stateful HBS schemes compare to classical algorithms
  • When to use stateful HBS for code signing
  • What SP 800-208 requirements are for hardware security modules
  • How Thales Luna hardware security modules support LMS/HSS

Fill out the form below to view this archived event.


Resources

Keeping the Government and Education Workforce Productive and Secure - A SASE Zero Trust Approach
Webinar

Keeping the Government and Education Workforce Productive and Secure - A SASE Zero Trust Approach

The hybrid workforce and direct-to-app architectures have rendered legacy security architectures obsolete while dramatically increasing our attack surface. Cloud-based security with ZTNA 1.0 approaches have emerged as potential solutions, but they only solve part of the problem, failing to adequately secure today's work-from-anywhere users and direct-to-app architectures.This session explains a modern approach to ZTNA and how it is imperative to leverage its key principles to keep Government Workers and Education Faculty & Staff productive and secure. Discussion topics include: How has the Government and Education Workforce environment changed, and why ZTNA 1.0 falls short in securing today's hybrid workforces? What are the core tenants of ZTNA 2.0, and how they solve today's Government & Education Workforce security challenges? What are the key use cases to get started on your ZTNA 2.0 journey?


Fill out the form below to view this Resource.