One Identity Safeguard for Privileged Passwords Version 6.7 has achieved Common Criteria for Information Technology Security certification from the U.S. federal government.
Validation Report Number: CCEVS-VR-VID11137-2021
Protection Profile Identifier: collaborative Protection Profile for Network Devices Version 2.2e
What is Common Criteria Certification?
The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard for computer security certification. It is presently in version 3.1 revision 5, Sept 2017.
Common Criteria is an internationally recognized security certification required by government entities (including U.S. federal, state and local governments as well as international governments) and enterprise organizations seeking to procure commercial products. Certification is granted when a Common Criteria testing laboratory determines that a product meets a defined measure of security
What does it mean that One Identity Safeguard has been Common Criteria Certified?
One Identity Safeguard has met the rigorous security requirements of the U.S. federal government to achieve the Common Criteria for Information Technology Security certification. This certification confirms to customers that One Identity Safeguard has passed the most rigorous security requirements of government and enterprise organizations.
One Identity Safeguard Privileged Password Management Version 6.7 with Common Criteria provides:
- One Identity Safeguard for Privileged Passwords automates, controls, and secures the process of granting privileged credentials with role-based access management and automated workflows.
What are the details of Common Criteria Certification?
Common Criteria is a framework in which computer system users can specify their security functional requirements (SFRs) and security functional assurance requirements (SARs) using Protection Profiles (PPs). Technology vendors can then implement and/or make claims about the security attributes of their products, and hire testing laboratories to evaluate their products to determine if they meet these claims. In short, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner at a level that corresponds with its target-use environment. Once this process is successfully completed, a vendor achieves Common Criteria certification.
Common Criteria is used as the basis for a government-driven certification scheme. Typically, evaluations are completed for the use of federal government agencies and critical infrastructure. Additionally, many enterprise organizations use Common Criteria as a requisite for procuring new software solutions based on the quality guarantee these certified products deliver.
The Common Criteria for Information Technology Security Evaluation and its companion, Common Methodology for Information Technology Security Evaluation (CEM), make up the technical basis for an international agreement, the Common Criteria Recognition Arrangement (CCRA). The CC is the driving force for the widest available mutual recognition of secure IT products across the globe. Though each country has its own certification process, the Common Criteria Recognition Arrangement (CCRA) recognizes evaluations against a collaborative Protection Profile (cPP), which means all member countries will acknowledge these certifications.
What's Next?
One Identity Safeguard for Privileged Sessions - This project is underway, more information will be provided as this effort progresses.
