Common Criteria
EJBCA Enterprise is Common Criteria certified in compliance with the National Information Assurance Partnership (NIAP) approved Protection Profile for Certification Authorities Version 2.1 and is listed on the CSfC Components List.
The following provides some background and information on EJBCA Enterprise Common Criteria Certification.
Background
The Common Criteria for Information Technology Security Evaluation (Common Criteria or CC) is an international standard for computer security certification.
The CC and the companion Common Methodology for Information Technology Security Evaluation (CEM) make up the technical basis for an international agreement, the Common Criteria Recognition Arrangement (CCRA). The CC is the driving force for the widest available mutual recognition of secure IT products. Though each country has its own certification process, the CCRA recognizes evaluations against a collaborative Protection Profile (cPP), meaning all member countries will acknowledge these certifications.
A Common Criteria certification is often performed to show compliance with a Protection Profile (PP) or a Collaborative Protection Profile (cPP), which is a requirement document created by a user group or government. The Protection Profile ensures that all products of a certain type, such as certificate authority software, are certified according to the same requirements and that they are comparable.
Common Criteria requirements that do not specify conformance to a specific Protection Profile are discouraged, as such a requirement would not specify any desired security features or security attributes of a product. A concise and auditable requirement specifies conformance with one or several Protection Profiles.
EJBCA Enterprise Certification
Keyfactor has achieved multiple Common Criteria certifications for EJBCA Enterprise since 2012.
The current version of EJBCA Enterprise is Common Criteria certified in compliance with the NIAP-approved Protection Profile for Certification Authorities Version 2.1.
The following certified versions have publicly available validation reports and security targets on the respective authorities’ websites:
EJBCA Enterprise 9.3.3, see the NIAP Product Compliant List (PCL).
EJBCA Enterprise 7.4.1.1, see the CCRA Recognition Common Criteria Certificate.
Certified versions are listed on the NIAP PCL for the duration defined by the PCL. During this period, they are eligible for use as a Certification Authority component in a Commercial Solutions for Classified (CSfC) solution and are listed on the CSfC Components List. For more information about the CSfC program, established by the National Security Agency (NSA), refer to the NSA Commercial Solutions for Classified Program.
For general information on certification using Collaborative Protection Profiles (cPPs), see the Common Criteria Evaluation documentation.