Identity Manager 8.1 is Common Criteria Certified

One Identity Manager 8.1 has achieved Common Criteria for Information Technology Security certification from the U.S. federal government.

What is Common Criteria Certification?

The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard for computer security certification. It is presently in version 3.1 revision 5.

Common Criteria is an internationally recognized security certification required by government entities (including U.S. federal, state and local governments) and enterprise organizations seeking to procure commercial products. Certification is granted when a Common Criteria testing laboratory determines that a product meets a defined measure of security

What does it mean that One Identity Manager has been Common Criteria Certified?

One Identity Manager has met the rigorous security requirements of the U.S. federal government to achieve the Common Criteria for Information Technology Security certification. This certification confirms to customers that One Identity Manager has passed the most rigorous security requirements of government and enterprise organizations.

Identity Manager 8.1 with Common Criteria provides:

  • Protection of critical data at the highest of standards
  • Validation and proven security solution
  • Control of user access
  • Reduced risk of data breaches and cyber threats
  • Increased cybersecurity
  • Prevents loss, theft and exploitation of sensitive data

What are the details of Common Criteria Certification?

Common Criteria is a framework in which computer system users can specify their security functional requirements (SFRs) and security functional assurance requirements (SARs) using Protection Profiles (PPs). Technology vendors can then implement and/or make claims about the security attributes of their products, and hire testing laboratories to evaluate their products to determine if they meet these claims. In short, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner at a level that corresponds with its target-use environment. Once this process is successfully completed, a vendor achieves Common Criteria certification.

Common Criteria is used as the basis for a government-driven certification scheme. Typically, evaluations are completed for the use of federal government agencies and critical infrastructure. Additionally, many enterprise organizations use Common Criteria as a requisite for procuring new software solutions based on the quality guarantee these certified products deliver.

The Common Criteria for Information Technology Security Evaluation and its companion, Common Methodology for Information Technology Security Evaluation (CEM), make up the technical basis for an international agreement, the Common Criteria Recognition Arrangement (CCRA). The CC is the driving force for the widest available mutual recognition of secure IT products across the globe. Though each country has its own certification process, the Common Criteria Recognition Arrangement (CCRA) recognizes evaluations against a collaborative Protection Profile (cPP), which means all member countries will acknowledge these certifications.

Blog Post CTA Image

Related Content