Certification for our Security Products

Be assured that our security products meet the most strict certification standards in the world...

• Certification detail

  Product	Description	Certifications
  Becrypt Cryptographic Algorithms	Encryption algorithms that meet the FIPS specifications for Advanced Encryption Standard	FIPS
  DISK Protect Baseline	Full disk encryption solution with pre-boot authentication and optional removable media encryption.	CAPS Baseline DIPCOG
  DISK Protect Enhanced	Full disk encryption solution with dual factor pre-boot authentication.	CAPS Enhanced DIPCOG
  DISK Protect	Full disk encryption solution with pre-boot authentication and optional removable media encryption.	CCT Mark FIPS 140-2 Common Criteria - EAL 2
  Connect Protect	Port Control solution that controls access to Plug and Play devices.	CCT Mark DIPCOG CAPS
  Media Client	File encryption solution that protects data whilst in transit or on removable media.	CCT Mark DIPCOG CAPS
  Trusted Client	Bootable secure remote access solution	Common Criteria - EAL 2 CCTM

• What do the certifications mean?

   

  CESG Assisted Products Scheme (CAPS). CAPS helps private sector companies to develop cryptographic products for use by HMG and other appropriate organisations. CAPS links the cryptographic knowledge of CESG (the UK national technical authority for information assurance) with the private sector's expertise and resources. CAPS enables products to be cryptographically verified by CESG to HMG cryptographic standards and formally approved for use by HMG and other appropriate organisations. CAPS approval entails rigorous reviews of all security and cryptographic elements of a product including detailed code reviews. From our experience, the process can take between 6 and 24 months for a new product approval depending on the grade of security assurance being applied for. Priority for approval is assigned according to the number of organisations supporting the application.

  FIPS 140 (Federal Information Processing Standards Publication 140). FIPS is a United States federal standard that specifies security requirements for cryptography modules. The current version of the standard is FIPS 140-2, issued on 25 May 2001. The National Institute of Standards and Technology (NIST) issued the 140 Publication Series to coordinate the requirements and standards for cryptography modules for use by departments and agencies of the United States federal government. FIPS 140 does not purport to guarantee that a module conforming to its requirements is secure, still less that a system built using such modules is secure. The requirements cover the cryptographic modules themselves and their documentation and (at the highest security level) some aspects of the comments contained in the source code. Unlike CAPS, FIPS conformance testing does not entail detailed source code reviews and can usually be completed in 3 to 5 months for levels 1 and 2.

  Common Criteria (CC). CC is an international standard (ISO/IEC 15408) for computer security. Unlike standards such as FIPS 140 and CAPS, Common Criteria does not entail a cryptographic evaluation, nor does it provide a list of product security requirements or features that products must contain or carry out. Instead, it describes a framework in which computer system users can specify their security requirements, developers can make claims about the security attributes of their products, and evaluators can determine if products actually meet their claims. In other words, Common Criteria provides assurance that the process of specifying, developing, and evaluating a computer security product has been conducted in a rigorous manner. Common Criteria evaluation can take between 6 and 12 months for the lower assurance levels (EAL1 and EAL2).

  CSIA Claims Tested (CCT) Mark. The CCT Mark Scheme is a UK government quality mark for IT security products and services. The Scheme is aimed at central government and the wider public sector, particularly the NHS, Education, Local Authorities and Criminal Justice. The Scheme provides a basic level of assurance (broadly equivalent to Common Criteria EAL1) to these products and services, and will give confidence to purchasers that the Vendor's security functionality claims have been validated. The validation does not involve detailed security checks or entail implementation or source code reviews, but merely tests that the product meets the functional claims specified. The validation process can take between 1 and 2 months for new products.