Common Criteria
EJBCA Enterprise is Common Criteria certified in compliance with the National Information Assurance Partnership (NIAP) approved Protection Profile for Certification Authorities Version 2.1 and is listed on the CSfC Components List.
The following provides some background and information on EJBCA Enterprise Common Criteria Certification.
Background
The Common Criteria for Information Technology Security Evaluation (Common Criteria or CC) is an international standard for computer security certification.
The CC and its companion, the Common Methodology for Information Technology Security Evaluation (CEM), make up the technical basis for an international agreement, the Common Criteria Recognition Arrangement (CCRA). The CC is the driving force for the widest available mutual recognition of secure IT products. Though each country has its own certification process, the CCRA recognizes evaluations against a collaborative Protection Profile (cPP), meaning all member countries will acknowledge these certifications.
A Common Criteria certification is often performed to show compliance with a Protection Profile (PP) or a Collaborative Protection Profile (cPP), which is a requirement document created by a user group or government. The Protection Profile ensures that all products of a certain type, such as certificate authority software, are certified according to the same requirements and that they are comparable.
Common Criteria requirements that do not specify conformance to a specific Protection Profile are discouraged, as such a requirement would not specify any desired security features or security attributes of a product. A concise and auditable requirement specifies conformance with one or several Protection Profiles.
EJBCA Enterprise Certification
PrimeKey has achieved our second Common Criteria certification of the EJBCA Enterprise software. See our news post EJBCA® Enterprise achieves Common Criteria certification.
EJBCA Enterprise is Common Criteria certified in compliance with National Information Assurance Partnership (NIAP) approved Protection Profile for Certification Authorities Version 2.1.
The certified version is EJBCA Enterprise 7.4.1.1; see CCRA Recognition Common Criteria Certificate. For more information, refer to the FMV website (in Swedish only) and review the Security Target document, which defines the Security Target against which the EJBCA product is Common Criteria evaluated.
Additionally, EJBCA Enterprise version 7.4.1.1 is eligible to be used as a Certification Authority component in a Commercial Solutions for Classified (CSfC) solution and is listed on the CSfC Components List. For more information about the CSfC program, established by the National Security Agency (NSA), refer to NSA's information at Commercial Solutions for Classified Program.
For more general information on certification using Collaborative Protection Profiles (cPP), see Common Criteria Evaluation.