Third-party Validations

Independent testing and certification labs look at products from various perspectives, depending on the nature of the certification. In many cases, they ensure that a product meets a minimum level of security assurance, algorithms and protocols are implemented as per specification or that service offerings meet pre-defined minimum policy assurance. These validations and certifications are not taken lightly by vendors. Each verification process takes time, resources and commitment to see through to completion. These tests vary in the time to complete — some as little as a few months, while others typically take 1-2 years (e.g., Common Criteria).

Customers gain assurance that an independent lab has reviewed the product or service to the utmost level of security specification or policy. Third-party certifications give customers confidence that the products and services they invest in are able to meet their needs from a security and trust perspective. In some cases, as with the U.S. and Canadian federal government, cryptographic products must be certified to the FIPS 140-2 specification.

• In 1995, Entrust was the first vendor to receive the FIPS 140 validation, and continues the tradition, garnering 21 FIPS certificates to date. These include certificates issued under the older FIPS 140-1 scheme as well as those issued under the more current IPS 140-2 standard.
• Entrust was the first PKI vendor to receive the Common Criteria certification in 1999. This certification was also done for more recent product releases. Entrust’s 8.1 release of its certification authority (CA) offering, which includes support for ePassport Basic Access Control (BAC) and Extended Access Control (EAC) has completed Common Criteria certification.
• Entrust GetAccess is the first product of its kind to undergo rigorous testing and be awarded certification by Spectria.
• Entrust was the first-ever public certification authority to receive the WebTrust Seal for CAs. This gives customers confidence that the CA’s policies are adhered to and the privacy of all customer information is maintained.
• In 2003, Entrust Authority Security Manager was awarded an ISIS-MTT compliance label for the product class “CA Server, “confirming the favorable recommendation of Secorvo Security Consulting, an approved independent verification lab based in Germany.
• CygnaCom Solutions, a subsidiary of Entrust, is one of the leading certification labs in the United States and was the first laboratory authorized to perform both FIPS 140-1 and Common Criteria evaluations.