Chrysalis-ITS Awarded World's First Common Criteria Certification for a Hardware Security Module; Prestigious Certification Provides Added Security Assurance for Customers Worldwide.Business Editors OTTAWA--(BUSINESS WIRE)--Nov. 27, 2002 Chrysalis-ITS today announced that its Luna CA3 product is the only hardware security module (HSM (1) (Hierarchical Storage Management) The automatic movement of files from hard disk to slower, less-expensive storage media. The typical hierarchy is from magnetic disk to optical disc to tape. ) in the world to have passed ISO (1) See ISO speed. (2) (International Organization for Standardization, Geneva, Switzerland, www.iso.ch) An organization that sets international standards, founded in 1946. The U.S. member body is ANSI. 15408 Common Criteria (CC) Evaluation Assurance Level The Evaluation Assurance Level (EAL1 through EAL7) of an IT product or system is a numerical grade assigned following the completion of a Common Criteria security evaluation, an international standard in effect since 1999. 4+ (augmented) (EAL EAL English as an Additional Language EAL Evaluation Assurance Level EAL Eastern Airlines EAL Emergency Action Level EAL Environmental Analysis Laboratory EAL Evidence Analysis Library (American Dietetic Association) 4+). This prestigious certification extends Chrysalis-ITS' market leadership position, and assures customers that Chrysalis-ITS' leading HSM, Luna CA3, has demonstrated full compliance to standards sanctioned by the International Organization for Standardization International Organization for Standardization (ISO) Organization for determining standards in most technical and nontechnical fields. Founded in Geneva in 1947, its membership includes more than 100 countries. (ISO). Customers such as Australia's KeyTrust require a hardware security module with CC compliance. The CC distinction allows Chrysalis-ITS customers, including service providers, large financial institutions and government agencies, to assure their own stakeholders that all reasonable precautions are being taken to protect sensitive data. This assurance in turn translates directly into customer satisfaction, loyalty, and brand equity. "KeyTrust is a service provider delivering complete trusted e-business solutions to the Australasian industry. Common Criteria provides a means to clearly articulate our requirements for an HSM and we've been looking for just such a product to add enhanced security to our offering," said Charles Greatrex, CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. , KeyTrust. "We applaud Chrysalis-ITS on their commitment to global security standards and on Luna CA3 being the only HSM to achieve this merit." Common Criteria was developed through collaboration among national security and standards organizations within Canada, France, Germany, the Netherlands, the United Kingdom and the United States, as a common standard to replace their existing security evaluation criteria. As such, it is strongly supported by each of the organizations involved. The national organizations have worked with ISO to ensure that the CC was suitable to become a formal standard, and it is rapidly becoming the world standard and preferred method for security specifications and evaluations. Simon Gauthier, Deputy Chief for Information Technology Security, at the Communications Security Establishment Noun 1. Communications Security Establishment - Canadian agency that gathers communications intelligence and assist law enforcement and security agencies CSE international intelligence agency - an intelligence agency outside the United States said; "We are very pleased that Chrysalis-ITS had its Luna CA3 product evaluated under the Canadian Common Criteria Evaluation and Certification Scheme. The EAL4+ rating received is the highest level achievable under the international CCRA CCRA Canada Customs and Revenue Agency CCRA Common Criteria Recognition Arrangement CCRA Campus Computer Resellers Alliance CCRA Certified Clinical Research Associate CCRA Commercial Credit Reference Agency CCRA California Court Reporters Association (Common Criteria Recognition Arrangement), a significant achievement. Congratulations are well deserved." The Communications Security Establishment (CSE (Certified Systems Engineer) See Microsoft certification. ) is the Government of Canada's center for IT security expertise, advice and guidance. CSE participates in the CC arrangement on Canada's behalf and sets the standards for the Canadian evaluation process. "A Common Criteria evaluation provides additional assurance to our customers that the security functions of Luna CA3 operate as advertised and in accordance with accepted security principles," said Bruno Couillard, Chief Technology Officer and Vice President of Engineering at Chrysalis-ITS. "As a company, we take pride in our products' adherence to the highest security standards - we have an extensive track record, for example, having our products validated under Federal Information Processing Standards (standard) Federal Information Processing Standards - (FIPS) United States Government technical standards published by the National Institute of Standards and Technology (NIST). . CC adds an entirely new dimension to the confidence and security that we can extend to our customers - we are extremely pleased to achieve this certification for Luna CA3." EWA-Canada (www.ewa-canada.com) a leader in information technology protection, and an accredited accredited recognition by an appropriate authority that the performance of a particular institution has satisfied a prestated set of criteria. accredited herds cattle herds which have achieved a low level of reactors to, e.g. laboratory for both CC evaluations and FIPS (Federal Information Processing Standards) A series of publications issed by the U.S. National Institute of Standards and Technology (NIST) that specifies information security guidelines for federal government departments and agencies. 140-2 validation testing, performed the Luna CA3 evaluation, and presented its findings in an Evaluation Technical Report to the CC Certification Body on November 06, 2002. Certification was issued on November 22, 2002. The certified product listing for Luna CA3 will be found on the Common Criteria website at www.commoncriteria.org and on the CSE website at: www.cse-cst.gc.ca/en/services/common_criteria/trusted_products.html. About Luna CA3 Root Key Protection System Luna CA3, the most widely deployed hardware root key protection solution on the market is the de facto standard Hardware or software that is widely used, but not endorsed by a standards organization. Contrast with de jure standard. de facto standard - A widespread consensus on a particular product or protocol which has not been ratified by any official standards body, such as ISO, and meets all industry Best Practices in safeguarding private encryption keys. Luna CA3 strengthens the security of PKI Certificate Authority applications by using hardware to perform sensitive cryptographic processing such as key generation, verification, storage, signing and secure key backup. The CA3 ensures that private and sensitive keys always remain in hardware, safe from compromise. Luna CA3 is validated to FIPS 140-1 Level 3, and Common Criteria EAL4+. About Common Criteria The Common Criteria for Information Technology Security Evaluation defines general concepts and principles of IT security evaluation and presents a general model of evaluation for expressing IT security objectives, for selecting and defining IT security requirements, and for writing high-level specifications for products and systems. The CC represents the outcome of a series of efforts to develop criteria for evaluation of IT security that are broadly useful within the international community. In the early 1980's the Trusted Computer System Evaluation Criteria Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. (TCSEC See NCSC. ) was developed in the United States. In the early 1990's Europe developed the Information Technology Security Evaluation Criteria (ITSEC See NCSC. ) built upon the concepts of the TCSEC. In 1990 the International Organization for Standardization (ISO) sought to develop a set of international standard evaluation criteria for general use. The CC project was started in 1993 in order to bring all these (and other) efforts together into a single international standard for IT security evaluation. The new Criteria addresses the need for mutual recognition of standardized security evaluation results in a global IT market. In Canada, the Communications Security Establishment facilitates the Common Criteria Scheme. About Chrysalis-ITS Chrysalis-ITS is a leading vendor of hardware security products to secure and accelerate applications including electronic financial transactions, SSL, smart card issuance, document security and digital identity management. The company is revolutionizing hardware security with a line of appliances that dramatically simplify the deployment of secure applications. Chrysalis-ITS products power security solutions deployed to customers spanning the world's leading financial institutions, service providers, and government agencies. Chrysalis-ITS products are delivered through a global network of distributors and value-added resellers. Founded in 1994, Chrysalis-ITS is headquartered in Ottawa, Canada, with regional offices throughout North America, Europe, and Asia. The company website is www.chrysalis-its.com. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion