EJBCA Enterprise is Common Criteria certified. The following provides some background and information on EJBCA Enterprise Common Criteria certification.

The Common Criteria for Information Technology Security Evaluation (Common Criteria or CC) is an international standard for computer security certification.

The Common Criteria for Information Technology Security Evaluation and its companion, Common Methodology for Information Technology Security Evaluation (CEM), make up the technical basis for an international agreement, the Common Criteria Recognition Arrangement (CCRA). The CC is the driving force for the widest available mutual recognition of secure IT products. Though each country has its own certification process, the CCRA recognizes evaluations against a collaborative Protection Profile (cPP), meaning all member countries will acknowledge these certifications.

A Common Criteria certification is often performed to show compliance with a Protection Profile (PP) or a Collaborative Protection Profile (cPP), which is a requirement document created by a user group or government. The Protection Profile ensures that all products of a certain type, such as certificate authority software, are certified according to the same requirements and that they are comparable.

Common Criteria requirements that do not specify conformance to a specific Protection Profile are discouraged, as such a requirement would not specify any desired security features or security attributes of a product. A concise, and auditable, requirement specifies conformance with one, or several, Protection Profiles.

EJBCA Enterprise Certification

PrimeKey has achieved our second Common Criteria certification of the EJBCA Enterprise software, see our news post EJBCA® Enterprise achieves Common Criteria certification.

EJBCA Enterprise is certified in compliance with Common Criteria Protection Profile for Certification Authorities, Version 2.1, 2017-12-01, National Information Assurance Partnership.

The certified version is EJBCA Enterprise 7.4.1.1, see CCRA Recognition Common Criteria Certificate.

For more information, refer to the FMV website (in Swedish only) and review the Security Target document, defining the Security Target according to which the EJBCA product is Common Criteria evaluated.

For more information on certification using Collaborative Protection Profiles (cPP), see Common Criteria Evaluation.