Chrysalis-ITS Awarded World's First Common Criteria Certification for a Hardware Security Module; Prestigious Certification Provides Added Security Assurance for Customers Worldwide

Business Wire,  Nov 27, 2002  

• E-mail
• Print
• Link

Business Editors

OTTAWA--(BUSINESS WIRE)--Nov. 27, 2002

Chrysalis-ITS today announced that its Luna CA3 product is the only hardware security module (HSM) in the world to have passed ISO 15408 Common Criteria (CC) Evaluation Assurance Level 4+ (augmented) (EAL4+). This prestigious certification extends Chrysalis-ITS' market leadership position, and assures customers that Chrysalis-ITS' leading HSM, Luna CA3, has demonstrated full compliance to standards sanctioned by the International Organization for Standardization (ISO). Customers such as Australia's KeyTrust require a hardware security module with CC compliance.

The CC distinction allows Chrysalis-ITS customers, including service providers, large financial institutions and government agencies, to assure their own stakeholders that all reasonable precautions are being taken to protect sensitive data. This assurance in turn translates directly into customer satisfaction, loyalty, and brand equity.

"KeyTrust is a service provider delivering complete trusted e-business solutions to the Australasian industry. Common Criteria provides a means to clearly articulate our requirements for an HSM and we've been looking for just such a product to add enhanced security to our offering," said Charles Greatrex, CEO, KeyTrust. "We applaud Chrysalis-ITS on their commitment to global security standards and on Luna CA3 being the only HSM to achieve this merit."

Common Criteria was developed through collaboration among national security and standards organizations within Canada, France, Germany, the Netherlands, the United Kingdom and the United States, as a common standard to replace their existing security evaluation criteria. As such, it is strongly supported by each of the organizations involved. The national organizations have worked with ISO to ensure that the CC was suitable to become a formal standard, and it is rapidly becoming the world standard and preferred method for security specifications and evaluations.

Simon Gauthier, Deputy Chief for Information Technology Security, at the Communications Security Establishment said; "We are very pleased that Chrysalis-ITS had its Luna CA3 product evaluated under the Canadian Common Criteria Evaluation and Certification Scheme. The EAL4+ rating received is the highest level achievable under the international CCRA (Common Criteria Recognition Arrangement), a significant achievement. Congratulations are well deserved." The Communications Security Establishment (CSE) is the Government of Canada's center for IT security expertise, advice and guidance. CSE participates in the CC arrangement on Canada's behalf and sets the standards for the Canadian evaluation process.

"A Common Criteria evaluation provides additional assurance to our customers that the security functions of Luna CA3 operate as advertised and in accordance with accepted security principles," said Bruno Couillard, Chief Technology Officer and Vice President of Engineering at Chrysalis-ITS. "As a company, we take pride in our products' adherence to the highest security standards - we have an extensive track record, for example, having our products validated under Federal Information Processing Standards. CC adds an entirely new dimension to the confidence and security that we can extend to our customers - we are extremely pleased to achieve this certification for Luna CA3."

EWA-Canada (www.ewa-canada.com) a leader in information technology protection, and an accredited laboratory for both CC evaluations and FIPS 140-2 validation testing, performed the Luna CA3 evaluation, and presented its findings in an Evaluation Technical Report to the CC Certification Body on November 06, 2002. Certification was issued on November 22, 2002. The certified product listing for Luna CA3 will be found on the Common Criteria website at www.commoncriteria.org and on the CSE website at: www.cse-cst.gc.ca/en/services/common_criteria/trusted_products.html.

About Luna CA3 Root Key Protection System

Luna CA3, the most widely deployed hardware root key protection solution on the market is the de facto standard and meets all industry Best Practices in safeguarding private encryption keys. Luna CA3 strengthens the security of PKI Certificate Authority applications by using hardware to perform sensitive cryptographic processing such as key generation, verification, storage, signing and secure key backup. The CA3 ensures that private and sensitive keys always remain in hardware, safe from compromise. Luna CA3 is validated to FIPS 140-1 Level 3, and Common Criteria EAL4+.

About Common Criteria

The Common Criteria for Information Technology Security Evaluation defines general concepts and principles of IT security evaluation and presents a general model of evaluation for expressing IT security objectives, for selecting and defining IT security requirements, and for writing high-level specifications for products and systems.

The CC represents the outcome of a series of efforts to develop criteria for evaluation of IT security that are broadly useful within the international community. In the early 1980's the Trusted Computer System Evaluation Criteria (TCSEC) was developed in the United States. In the early 1990's Europe developed the Information Technology Security Evaluation Criteria (ITSEC) built upon the concepts of the TCSEC. In 1990 the International Organization for Standardization (ISO) sought to develop a set of international standard evaluation criteria for general use. The CC project was started in 1993 in order to bring all these (and other) efforts together into a single international standard for IT security evaluation. The new Criteria addresses the need for mutual recognition of standardized security evaluation results in a global IT market. In Canada, the Communications Security Establishment facilitates the Common Criteria Scheme.