Another PKI First for Entrust — Security Vendor Leads in Adhering to Latest Common Criteria Protection Profile
New EAL 4+ Protection Profile facilitates Common Criteria evaluation at high security levels for PKI vendors
DALLAS, April 25, 2012 /PRNewswire/ – Entrust, Inc. announces that the foundation of its comprehensive public key infrastructure (PKI) product portfolio, Entrust Authority Security Manager 8.1 SP1, is the first PKI solution to achieve Common Criteria certification against the latest approved key management Protection Profile that supports a minimum Evaluation Assurance Level 4+ (EAL).
The Common Criteria for Information Technology Evaluation (CC), and the specific Protection Profiles fostered within, help to build the broadest possible international framework for mutual recognition of IT Security products. To achieve Common Criteria certification, organizations must submit IT security products to be evaluated by competent and independent licensed laboratories so as to determine the fulfillment of particular security properties, to a certain extent or assurance (EAL level).
“The strength of identity — so critical to identity documents and the systems authorized to access them — is rooted in the strength of PKI key management and certificate issuance processes,” said Entrust President and CEO Bill Conner. “PKI is at the foundation of identity-based security infrastructures around the globe, so it’s important to establish a high level of technical assurance and subject products to rigorous third-party evaluation so customers may maintain trust in their operation.”
A pioneer of PKI more than 15 years ago, Entrust led and authored the new Protection Profile (PP) — reviewed and approved by the Communications Security Establishment Canada (CSEC) and published on the Common Criteria Portal — to help usher in a new standard in PKI validation and assurance. Per the latest profile, the “Certificate Issuing and Management Components (CIMC) Protection Profile (Version 1.5) defines requirements for components that issue, revoke, and manage public key certificates, such as X.509 public key certificates.”
Entrust contracted CGI’s IT security evaluation and test facility (ITSETF) to complete third-party evaluation of Entrust Authority Security Manager 8.1 SP1. This evaluation encompassed both facets of Entrust’s key management capabilities — traditional PKI, based on the X.509 standard, as well as PKI based on the ISO 7816 standard for Extended Access Control (EAC) for electronic identity documents, including ePassports.
“We believe in the importance of third-party validation and have completed evaluation of the Entrust PKI on each major-release code stream since 1999, recognizing that our customers place a lot of trust in this infrastructure,” said Conner. “This particular evaluation reflects the increasing role of PKI and electronic validation to establish trust of electronic citizen identity documents.”
This new Protection Profile fills a void that developed during the Common Criteria update. An earlier CIMC PP (v1.0), against which many PKI offerings were previously evaluated, was written against version 2.x of the Common Criteria and is not approved for use with the current version of Common Criteria (v3.1 R3). This new CIMC PP is approved for such use and provides a common basis for PKI conformance to Common Criteria at the EAL 4+ level and against the current Common Criteria.
Common Criteria certification is recognized globally by many national governments including the United States, Canada, United Kingdom, Germany, France, Italy, Netherlands, Israel, Spain, Japan, Australia and New Zealand.
Entrust’s first public key infrastructure — the world’s first commercially available PKI — was released in 1994. Now in its eighth edition, the Entrust Authority PKI product portfolio is the industry’s most relied-upon PKI solution. By managing the full lifecycles of digital certificate-based identities, Entrust Authority PKI enables encryption, digital signature and certificate authentication capabilities to be consistently and transparently applied across a broad range of applications and platforms.
These capabilities may be achieved by implementing a dedicated in-house PKI environment, or by partnering with a trusted certification authority (CA) to host, manage and maintain an off-site PKI.
For a copy of the “Certificate Issuing and Management Components Protection Profile (Version 1.5),” and the “Entrust Authority Security Manager 8.1 SP1 EAL 4+ Certification Report,” please visit www.commoncriteriaportal.org/pps.
A trusted provider of identity-based security solutions, Entrust empowers governments, enterprises and financial institutions in more than 5,000 organizations spanning 85 countries. Entrust’s award-winning software authentication platforms manage today’s most secure identity credentials, addressing customer pain points for cloud and mobile security, physical and logical access, citizen eID initiatives, certificate management and SSL. For more information about Entrust products and services, call 888-690-2424, email firstname.lastname@example.org or visit www.entrust.com.
Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In Canada, Entrust is a registered trademark of Entrust Limited. All Entrust product names are trademarks or registered trademarks of Entrust, Inc. or Entrust Limited. All other company and product names are trademarks or registered trademarks of their respective owners.
SOURCE Entrust, Inc.