Third-Party Validation & Certification
Entrust is committed to seeking and maintaining independent third-party verification and certification of its products and services to give customers the confidence to acquire and deploy its solutions with their employees, business partners and customers.
Entrust leads the security market in third-party validation and certification:
- In 1995, Entrust was the first vendor to receive the FIPS 140 validation, and continues the tradition, garnering 21 FIPS certificates to date. These include certificates issued under the older FIPS 140-1 scheme as well as those issued under the more current FIPS 140-2 standard.
- Entrust was the first PKI vendor to receive the Common Criteria certification in 1999. This certification was also done for more recent product releases. Currently, Entrust's 8.1 release of its certification authority (CA) offering, which includes support for ePassport Basic Access Control (BAC) and Extended Access Control (EAC) is in evaluation for Common Criteria certification.
- Entrust GetAccess is the first product of its kind to undergo rigorous testing and be awarded certification by Spectria.
- Entrust was the first-ever public certification authority to receive the WebTrust Seal for CAs. This gives customers confidence that the CA's policies are adhered to and the privacy of all customer information is maintained.
- In 2003, Entrust Authority Security Manager was awarded an ISIS-MTT compliance label for the product class "CA Server, "confirming the favorable recommendation of Secorvo Security Consulting, an approved independent verification lab based in Germany.
- CygnaCom Solutions, a subsidiary of Entrust, is one of the leading certification labs in the United States and was the first laboratory authorized to perform both FIPS 140-1 and Common Criteria evaluations.
What does third-party validation mean?
Independent testing and certification labs look at products from various perspectives, depending on the nature of the certification. In many cases, they ensure that a product meets a minimum level of security assurance, algorithms and protocols are implemented as per specification or that service offerings meet pre-defined minimum policy assurance.
These validations and certifications are not taken lightly by vendors. Each verification process takes time, resources and commitment to see through to completion. These tests vary in the time to complete — some as little as a few months, while others typically take 1-2 years (e.g., Common Criteria).
How do customers benefit from third-party validations?
Customers gain assurance that an independent lab has reviewed the product or service to the utmost level of security specification or policy. Third-party certifications give customers confidence that the products and services they invest in are able to meet their needs from a security and trust perspective. In some cases, as with the U.S. and Canadian federal government, cryptographic products must be certified to the FIPS 140-2 specification.