Thales Hardware Security Modules Achieve Common Criteria Certification
Peter Galvin, vice president strategy, Thales e-Security says:
“Thales has long championed best practices and industry standards and this level of security certification demonstrates our commitment to achieving the highest standards and compliance requirements. The use of cryptography, whether it be encryption, strong authentication or digital signing, requires the strict management of cryptographic keys and enforcement of the management policies governing their use. It is vital that Thales customers have a high level of confidence in the products they buy and independent review of a product’s security properties is a powerful tool in building that confidence. Government agencies and private sector enterprises deploying Thales HSMs can be assured they are implementing the most secure solutions available.”
The international Common Criteria standard was developed to unify and supersede national IT security certification schemes from several different countries, including the US, Canada, Germany, the UK, France, Australia and New Zealand. Common Criteria certified solutions are required by governments and enterprises around the world to protect their mission-critical infrastructures. Common Criteria is often a pre-requisite for qualified digital signatures under the European Union digital signature laws. Under Common Criteria, a product is evaluated to one of seven specific Evaluation Assurance Levels (EALs). Thales nShield Connect, nShield Connect+, nShield Solo and nShield Solo+ have all been certified to EAL4+, which exceeds the highest level permitted by international mutual recognition arrangements, ensuring customers have the utmost confidence in Thales’s range of advanced cryptographic solutions. By way of this certification, Thales nShield HSMs are recognised as Secure Signature Creation Devices (SSCDs) which earns them eIDAS compliance (Article 51, Transitional Measures).Thales nShield HSMs are also certified to FIPS-140-2 level 3, a standard defined by the US National Institute of Standards and Technology and the most widely adopted security benchmark for cryptographic solutions in government and commercial enterprises. Thales’s participation in the Common Criteria scheme complements FIPS validation by providing a broader scope for evaluation including further assurance that the product has been developed in accordance with internationally recognized best practice. Organismo di Certificazione della Sicurezza Informatica (OCSI), the Italian technical testing and evaluation standards organization, evaluated Thales nShield HSMs for Common Criteria certification.