Tuesday, June 19, 2012

CESeCore gains Common Criteria certification

After 2 years of work, and 6 months of administrative waiting period CESeCore has finally received the final, signed, Common Criteria certification.

Providing a certified component library

By June 2012 the CESeCore project fullfilled its primary purposes: to make the CESeCore Security Core 1); Common Criteria EAL 4+ certified and 2); publicly available for integration with enterprise applications.
Vendors aiming to attain their own Common Criteria certification will continue to draw significant benefits through the use of the fully approved CESeCore library, which greatly shortens and simplifies implementation of many important security functions.
The certified CESeCore has also taken PrimeKey's EJBCA Enterprise edition a steady leap forward towards its own final Common Criteria certification.

"When we created CESeCore, we added the most important security functions from certificate management, certificate validation and timestamping, into a re-usable Java Enterprise component library. And we worked patiently to have it Common Criteria certified! Anyone who needs these security functions no longer have to re-invent the wheel."
— Tomas Gustavsson, PrimeKey CTO

Certification details

CESeCore is certified based on the CIMC Protection Profile (v1.0) at security level 3. The assurance level is EAL4+ (EAL4 augmented with ALC_FLR.2).
For those interested all details are available in the CESeCore Security Target.

EJBCA to be completed

Building on the CESeCore, EJBCA 5.0 has already completed the evaluation for the Common Criteria evaluation at the same level. We are only awaiting the administrative process to receive the final certificate also for EJBCA.


hugi said...

Congrats! :-)

Keep on going to finish!

Roger said...

does it mean that non comercial version of EJBC will be EAL4+ accomplish? Is there any data estimaton? thanks in advance

tomas said...

The EJBCA that you can download from ejbca.org will not be the common criteria certified version. CC certification is unfortunately too expensive for that.

What do you mean by data estimation?


Roger said...

Thanks a lot for your fast response. With data estimation I meant when it would be available. After reading your post, I realise that it never will be in the non cost version.

By the way, what is the price (aprox) of the enterprise version. If you do prefer, we can continue the conversation though mail or linkedin.
Best regards

tomas said...

Price depends on the size of the installation. Let's continue that through email, tomas - at - primekey.se.