informa
Products & Releases

Thales Hardware Security Modules Achieve Common Criteria EAL4+ Certification

Thales nShield and Thales netHSM cryptographic solutions receive third-party accreditation
SAN FRANCISCO & CAMBRIDGE, England --(Business Wire)-- Apr 21, 2009 Thales, leader in information systems and communications security, announces that its nCipher product line hardware security modules (HSMs), Thales nShield and Thales netHSM have received Common Criteria Evaluation Assurance Level (EAL) 4+ certification, ensuring customers have the utmost confidence in Thales's range of advanced cryptographic solutions.

"Thales has long championed best practices and industry standards and this level of security certification demonstrates our commitment to achieving the highest standards and compliance requirements. The use of cryptography in the form of encryption, strong authentication or digital signing requires the secrecy of cryptographic keys and enforcing the management practices and policies governing their use," says Franck Greverie, VP, MD for the information systems security activities of Thales. "It is vital that customers have a high level of confidence in the products they buy and independent review of a product's security properties is a powerful tool in building that confidence."

The international Common Criteria standard was developed to unify and supersede national IT security certification schemes from several different countries, including the US, Canada, Germany, the UK, France, Australia and New Zealand. Common Criteria certified solutions are required by governments and enterprises around the world to protect their mission-critical infrastructures. Common Criteria is often a pre-requisite for qualified digital signatures under the European Union digital signature laws. Under Common Criteria a product is evaluated to one of seven specific Evaluation Assurance Levels (EALs). Thales nShield and Thales netHSM have been certified to EAL4+, which exceeds the highest level permitted by international mutual recognition arrangements, ensuring customers have the utmost confidence in Thales's range of advanced cryptographic solutions.

Thales nShield and Thales netHSM are also FIPS-140-2 level 3 compliant, a standard defined by the U.S. National Institute of Standards and Technology and the most widely adopted security benchmark for cryptographic solutions in government and commercial enterprises. Thales's participation in the Common Criteria scheme complements FIPS validation by providing a broader scope for evaluation including further assurance that the product has been developed in accordance with internationally recognized best practice. Domus ITSL, an independent technical testing and evaluation standards organization, evaluated Thales nShield and Thales netHSM for Common Criteria certification.

"As an accredited and experienced third party standards testing facility, Domus has a world-class reputation in providing services to private industry and government, as well as identifying products that meet the most stringent industry requirements for securing digital assets," says Chris Brych, Director at Domus. "By achieving Common Criteria EAL 4+ certification, Thales has demonstrated its continued commitment to developing comprehensive, robust solutions designed to meet the highest levels of security testing. Government agencies and private sector enterprises deploying Thales HSMs can be assured they are implementing the most secure solutions available."

Thales will showcase nShield and netHSM as well as its other industry-leading solutions during the RSA Conference (booth #2023), April 20-24, 2009 at the Moscone Center in San Francisco.

Notes to editor Thales is one of the world leaders in the provision of Information and Communication Systems Security solutions for government, defence, critical infrastructure operators, enterprises and the finance industry. Thales's unique position in the market is due to its end-to-end security offering spanning the entire value chain in the security domain. The comprehensive offering includes architecture design, security and encryption product development, evaluation and certification preparation and through-life management services.

Thales has forty years of unrivalled track record in protecting information from Sensitive But Unclassified up to Top Secret and a comprehensive portfolio of security products and services, which includes network security products, application security products and secured telephony products.

About Thales Thales is a leading international electronics and systems group, addressing Aerospace and Space, Defence and Security markets worldwide. The Group's civil and military businesses develop in parallel and share a common base of technologies to serve a single objective: the security of people, property and nations. Thales's leading-edge technology is supported by 22,500 R&D engineers who offer a capability unmatched in Europe to develop and deploy field-proven mission-critical information systems. The Group builds its growth on its unique multidomestic strategy based on trusted partnerships with national customers and market players, while leveraging its global expertise to support local technology and industrial development. Thales employs 68,000 people in 50 countries with 2008 revenues of £10.2 billion. www.thalesgroup.com

Recommended Reading: