Entrust Resources
Validation FAQs
Entrust and Common Criteria (ISO 15408) Certification
- What is Common Criteria ("CC")?
- What does CC security evaluation involve?
- Is Common Criteria Widely Recognized?
- What aspects of Entrust products were evaluated?
- How does CC evaluation fit with FIPS 140-1 validation?
- Why is CC evaluation important?
- Which laboratory performed the evaluation of the Entrust products?
- Will other Entrust products be evaluated?
- Where are relevant CC resources found on the web?
1. What is Common Criteria ("CC")?
The Common Criteria, which became ISO standard 15408 in 1999, is an alignment and development of a number of source IT security evaluation criteria, including the existing European (ITSEC), US (TCSEC - Orange Book) and Canadian (CTCPEC) criteria. The CC allows comparisons to be made between the results of independent security evaluations. By establishing such a common criteria base, the intent is for the results of an IT security evaluation to be meaningful to a wider audience. It does so by providing a common set of security functional and assurance requirements for IT security evaluations performed in different countries.
The CC divides the IT security requirements into functionality components (i.e., requirements that specify what the product should do) and assurance components (i.e., requirements that provide the 'trust' the user can place in the product or system).
The IT functional components are grouped into 11 classes including Audit, Cryptographic Support, Identification and Authentication, Security Management, Trusted Path/Channels, and others. The classes are further refined into families with common objectives.
The taxonomy for assurance requirements is similar to that for functional requirements. The assurance requirements are grouped into 10 classes including Configuration Management, Development, Tests, Vulnerability Assessment, and others. These are also further refined into families with common objectives. The CC contains a set of defined assurance levels (Evaluation Assurance Levels - EALs) constructed using components from the assurance families. EALs can be augmented by one or more additional components to provide higher assurance as required.
2. What does CC security evaluation involve?
The principal inputs to a CC evaluation are the Security Target, the set of evidence documentation about the product under evaluation, and the product itself (referred to as the Target of Evaluation - TOE).
The Security Target is the basis for the agreement between the product vendor, evaluators and certification agencies as to what security functionality the product (TOE) offers and the scope of the evaluation. The Security Target identifies, and refines as appropriate, a set of CC IT security and assurance requirements. It provides a definition of the TOE security functions claimed to meet the functional requirements and the assurance measures taken to meet the assurance requirements. The ST also addresses the organizational security policies with which the TOE must comply and the security aspects for the environment in which the TOE will be used.
The set of evidence documentation includes the documents that describe the TOE in the form of design description, functional specification, configuration management, delivery and operations, support and maintenance, vulnerability analysis, functional testing and more. These documents, the TOE, the administration and user guides and the Security Target are submitted to a third-party certified laboratory, which proceeds with the evaluation. Using the procedures and interpretations detailed in the Common Evaluation Methodology (CEM), the certified laboratory facility will evaluate the Security Target for completeness and consistency. The evaluators will then analyze the evidence documentation and proceed with functional and penetration testing of the TOE to verify conformance to the CC. The results of the evaluation confirm that the TOE satisfies the ST; in other words, the functional and assurance security claimed in the ST has been verified. The certified laboratory facility produces a report documenting the findings. The report is submitted to a government agency acting as the Certification Body, which then proceeds with certification/validation of the product (i.e. TOE certification/validation).
The evaluation process establishes a level of confidence that the security functions of a product and the assurance measures applied to it meet the requirements. The evaluation results help consumers gain confidence that the IT product is secure enough for their intended application and that the security risks implicit in its use are tolerable.
3. Is Common Criteria Widely Recognized?
The United States, United Kingdom, Canada, Germany, France, Australia and New Zealand have officially signed a Mutual Recognition Arrangement (MRA). The MRA allows IT products that earn a CC certificate to be procured and used in different jurisdictions without the need for them to be evaluated and certified/validated more than once. By recognizing the results of each other's evaluations, products evaluated in one MRA member nation can be accepted in the other member nations.
4. What aspects of Entrust products were evaluated?
Entrust Authority™ Security Manager 7.0 is in evaluation at the EAL 4 augmented assurance level. The evaluation is being done against the NIAP Protection Profile CIMC Security Level 3 and is scheduled to be complete in November 2004. The evaluation status of Security Manager 7.0 can be found at http://www.cse-cst.gc.ca/en/services/common_criteria/ongoing_evals.html.
Security Manager and Security Manager Administration (formerly called Entrust/Authority and Entrust/RA) 5.0 and 5.1 were successfully evaluated at the EAL 3 augmented assurance level. In addition, the evaluation of Security Manager and Security Manager Administration 5.0 satisfies the security assurance requirements listed in the U.S. NIST CS2 Protection Profile. The evaluation status of these versions can be found at http://www.cesg.gov.uk/site/iacs/index.cfm?menuSelected=1&displayPage=151.
5. How does CC evaluation fit with FIPS 140-1 validation?
So far, seven versions of the Entrust software cryptographic module have been validated against the FIPS 140-1 standard. These validations provide Entrust users with third-party confirmation that the cryptographic services delivered by Entrust products (i.e. encryption/decryption, digital signature creation/verification, hashing, key generation/zeroization, etc.) are secure. The Common Criteria Evaluation is a natural extension to the FIPS 140-1 process. The successful CC evaluation of these products provides third-party confirmation that these products have met the specified Common Criteria EAL 3 and/or EAL 4 augmented requirements.
6. Why is CC evaluation important?
The notion of trust is fundamental in security management infrastructures such as Public-Key Infrastructures (PKIs). For a security management infrastructure to be valuable, users must have confidence that the parties they communicate with have been vetted, i.e. their identities and keys are valid and trustworthy. To provide this confidence, it is essential that the technology involved in binding the names of users to their public keys is trusted. The technology used to create these bindings includes security mechanisms and services that provide for secured generation, destruction, and distribution of cryptographic keys, cryptographic operations, complete access control, management of security functions and services, roles and separation of duties, audit of security-critical events, secured communications, data protection, and more. These mechanisms and services jointly allow the CA to bind together the user identities and public keys in a secured digital format known as a public key certificate. In creating these certificates, CAs act as trusted third parties in a security management infrastructure. As long as users trust the CA and its business policies for issuing and managing certificates, they can trust the public-key certificates issued by the CA.
Security evaluations performed by certified third-party evaluation facilities against recognized security criteria are instrumental in establishing trust in security technology. They allow unbiased security experts to analyze the security functions, interface specifications, guidance documentation and design of the product. The certification of Entrust Authority Security Manager and Entrust Authority Security Manager Administration confirms that these products have met a complete set of functional and security requirements.
7. Which laboratory performed the evaluation of the Entrust products?
The evaluation for Security Manager and Security Manager Administration 5.0 and 5.1 was performed by Syntegra under the UK ITSEC scheme. The evaluation for Security Manager 7.0 is being performed by Domus ITSL under the Canadian Common Criteria Evaluation and Certification Scheme.
8. Will other Entrust products be evaluated?
It is expected that additional Entrust products will be evaluated in the future. No explicit timetable has been defined for these possible evaluations.
9. Where are relevant CC resources found on the web?
http://csrc.nist.gov/cc/index.html