nCipher, a global leader in protecting critical enterprise data, has announced that its family of nShield hardware security modules (HSMs) has begun the process of Common Criteria evaluation through the Common Criteria Evaluation and Certification Scheme.
The international Common Criteria standard was developed to unify and supersede national IT security certification schemes from several different countries, including the U.S., Canada, Germany, the U.K., France and the Netherlands. Under Common Criteria a product is evaluated to one of seven specific Evaluation Assurance Levels (EALs). nCipher is evaluating nShield at EAL4+, the highest level permitted by international mutual recognition arrangements, ensuring customer's have the utmost confidence in nCipher's range of advanced cryptographic solutions.
nShield is already validated to FIPS-140-2 level 3, a standard defined by the U.S. National Institute of Standards and Technology and the most widely adopted security benchmark for cryptographic solutions in government and commercial enterprises. nCipher's participation in the Common Criteria scheme complements FIPS validation by providing a broader scope for evaluation including further assurance that the product has been developed in accordance with internationally recognized best practice. Domus ITSL, an independent technical testing and evaluation standards organization, will be evaluating nShield for Common Criteria certification.
"As an accredited and experienced third party standards testing facility Domus has a world-class reputation in providing services to private industry and government," says Chris Brych, Director at Domus. "Both Common Criteria and FIPS are recognized by governments and IT professionals around the world as a critical measure of the quality of an IT security product. nCipher regularly submits its products for this rigorous testing and has a long track record of successful validation."
"nCipher has long championed best practices and industry standards. The use of cryptography in the form of encryption, strong authentication or digital signing places great emphasis on maintaining the secrecy of cryptographic keys and enforcing the management practices and policies governing their use," said Mark Knight, product manager at nCipher. "It is vital that customers have a high level of confidence in the products they buy and independent review of a product's security properties is a powerful tool in building that confidence."
By evaluating nCipher's range of cryptographic hardware to both FIPS 140-2 and Common Criteria customers can be assured that nCipher solutions provide the best possible protection. Rigorous independent review is increasingly important as nShield devices are now routinely used not only to protect sensitive keys and data in specific applications but are also entrusted with the implementation and enforcement of overall key policy throughout the enterprise as a component of nCipher's portfolio of enterprise key management solutions.
Customers can monitor the progress of the nShield evaluation process on the website of the Canadian Common Criteria Evaluation and Certificate Scheme:
nCipher protects critical enterprise data for many of the world's most security-conscious organizations. Delivering solutions in the fields of identity management, data protection, enterprise key management and cryptographic hardware, nCipher enables businesses to identify who can access data, to protect data in transit and at rest, and to comply with the growing number of privacy-driven regulations. nCipher plc is listed on the London Stock Exchange (LSE:NCH).