Government Certifications

NitroSecurity is committed to serving both federal and civilian government agencies, and as a result we hold several key government certifications, including Common Criteria v2.3, EAL3.

NitroSecurity is currently enhancing certification to even higher levels. Our products are under test for Common Criteria v3.1 EAL3 Augmented, and FIPS 140-2 Level 2.

GSA

NitroSecurity holds its own GSA Schedule, classified as a small business. The NAICS codes that we fall under are Product: 334290 and Maintenance: 81.

 

Common Criteria EAL Level 3

The Common Criteria (CC) is an international standard (ISO/IEC 15408) for computer security. Unlike standards such as FIPS 140, Common Criteria does not provide a list of product security requirements or features that products must contain. Instead, it describes a framework in which computer system users can specify their security requirements, vendors can then implement and/or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. In other words, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard manner.

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the NitroSecurity TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3 and International Interpretations effective on 12 October, 2005. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3 Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 3 family of assurance requirements. The product, when configured as specified in the installation guides and user guides, satisfies all of the security functional requirements stated in the Nitro Security Intrusion Prevention System Version 7.1.3 Security Target. The evaluation was completed in April 2007. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for Nitro Security Intrusion Prevention System Version 7.1.3 prepared by CCEVS.

view the Common Criteria Evaluation & Validation Scheme Validation Report

Protection Profile (PP) - a document, typically created by a user or user community, which identifies security requirements relevant to that user for a particular purpose. A PP effectively defines a class of security devices (for example, smart cards used to provide digital signatures, or network firewalls). Product vendors can choose to implement products that comply with one or more PPs, and have their products evaluated against those PPs. In such a case, a PP may serve as a template for the product's ST (Security Target, as defined below), or the authors of the ST will at least ensure that all requirements in relevant PPs also appear in the target's ST document. Customers looking for particular types of products can focus on those certified against the PP that meets their requirements.





These icons link to social bookmarking sites to help share this content.
  • share this page:
  • bodytext
  • del.icio.us
  • Reddit
  • Slashdot
  • Technorati
  • Propeller