We are proud to announce that PrimeKey’s EJBCA Enterprise has achieved Common Criteria certification conformant to the Protection Profile for Certification Authorities, a Collaborative Protection Profiles (cPP) approved by the National Information Association Partnership (NIAP). This means that we have demonstrated adherence to the high set standards of the Common Criteria Recognition Agreement, used, trusted, and often required by entities such as the U.S. Government.
Common Criteria is the widest available mutually recognized IT security certification of IT products. It is a certification that many governments require for products used in critical IT infrastructure. PrimeKey’s products have been certified by Common Criteria before and have now passed the rigorous evaluation process again.
In the words of Jerome Bordier, Directeur Associé at SealWeb, an independent company: “In brief, CC-evaluation of a PKI software with respect to the PP4CA is an efficient way to obtain a well-founded assurance that the said software actively contributes to the security of the CA’s and HSM’s IT security environment and to the conformance of the CA’s organization and practices to the ETSI EN 319411/319401 standards.”
For a PKI (Public Key Infrastructure) product, such as EJBCA Enterprise, to become Common Criteria Certified, you need to complete a series of stages:
- Creation of the Security Target
- Approval of the certification with the Certification Body
- Lab Evaluation (testing)
- Lab report
- Certification by the Certification Body
“We are proud to have achieved the Common Criteria certification for EJBCA Enterprise.” said Harry Haramis, General Manager of PrimeKey U.S. “It is yet another proof point of the level of quality and security of PrimeKey’s products. It will also open the door for continued deeper discussions with federal agencies about their security solutions.”
In this certification, PrimeKey has chosen to use the most modern Collaborative Protection Profiles, cPP. This certification profile is increasingly preferred over the more traditional EAL profile by governments around the globe, including the United States. When it comes to solutions used by US Government NSS, National Security Systems, the certification is a mandatory requirement to be part of the Commercial Solutions for Classified (CSfC) Program.
“ This certification is another example of PrimeKey’s commitment to global standards and certifications to ensure our customers have access to the latest features in the most secure manner. We are committed to maintain the highest level of Trust in our products to help our customers exceed their most important cyber security requirements,” said PrimeKey CEO Magnus Svenningson.
More information on Common Criteria
More information about the EJBCA Enterprise common criteria certification