nCipher nShield® XC Hardware Security Modules Achieve Common Criteria EAL4+ Certification
nShield® HSMs certified to eIDAS Protection Profile EN 419 221-5
nCipher Security, an Entrust Datacard company and provider of trust, integrity and control for business-critical information and applications, announces that its nShield® XC hardware security modules (HSMs) have received Common Criteria EAL4+ certification. This certification confirms that nShield HSMs meet the requirements of the European Union’s electronic Identification, Authentication and Trust Services (eIDAS) regulation.
“Our company has long championed best practices and industry standards, and this level of security certification demonstrates our commitment to achieving the highest standards and compliance requirements,” says Peter Galvin, vice president strategy, nCipher Security. “Common Criteria EAL4+ certification is based on independent review of the nShield XC HSM and its security properties, which is a powerful tool for building trust and confidence for nCipher customers. By meeting this standard, government agencies and private sector enterprises deploying nCipher HSMs can be assured they are implementing the most secure solutions available.”
With this Common Criteria certification, service providers who issue digital certificates, time stamps, or digital signatures can use nShield HSMs as a part of eIDAS compliant solutions. eIDAS compliance is required in the European Union, and has been adopted by many other countries around the world for government-to-government and government-to-citizen services, provision of public services and website certificates, and regulated markets such as banking, financial services and healthcare. eIDAS can be used for any cross-border services such as car rental, or whenever a business wants to ensure the legal validity of an electronic signature.
To find out more about how nCipher HSMs can be used as part of an eIDAS compliant solution click here.
About Common Criteria
The international Common Criteria standard was developed to unify and supersede national IT security certification schemes from several different countries, including the US, Canada, Germany, the UK, France, Australia, and New Zealand. Common Criteria certified solutions are required by governments and enterprises around the world to protect their mission-critical infrastructures. Common Criteria is often a prerequisite for qualified digital signatures under the European Union digital signature laws. Under Common Criteria, a product is evaluated to one of seven specific Evaluation Assurance Levels (EALs). nCipher nShield Connect, nShield Connect+, nShield Solo, nShield Solo+ and now nShield Solo XC and nShield Connect XC have all been certified to EAL4+, ensuring customers have the utmost confidence in nCipher’s range of advanced cryptographic solutions.
The eIDAS regulation was created to establish trust in electronic transactions between individuals, organizations and government entities across European Member States. Under eIDAS, citizens and businesses can use their native national electronic identification schemes (eIDs) when accessing public services within other EU Member States that use eIDs. Additionally, this regulation implements standards for electronic signatures, time stamps, electronic seals, and other proof of authentication, including electronic certification and registered delivery services that give those electronic transactions the same legal status as if they were conducted on paper.
nShield Solo XC and Connect XC HSMs:
- eIDAS and Common Criteria EAL4 + AVA_VAN.5 and ALC_FLR.2 certification against EN 419 221-5 Protection Profile, under the Dutch NSCIB scheme
- Can form the basis of an EN 419 241-2 certified remote signing system for eIDAS.
- Compliant with BSI AIS 31 for true and deterministic random number generation
nShield Solo, Solo+, Connect, and Connect+ HSMs:
- Common Criteria EAL4 + AVA_VAN.5 and Qualified Signature/Seal Creation Device (QSCD), certified under the Italian OCSI scheme.
nCipher nShield HSMs are also certified to FIPS 140-2 Level 2 and Level 3, a standard defined by the US National Institute of Standards and Technology (NIST) and the most widely adopted security benchmark for cryptographic solutions in government and commercial enterprises. nCipher‘s participation in the Common Criteria scheme complements FIPS validation by providing a broader scope for evaluation including further assurance that the product has been developed in accordance with internationally recognized best practice.