NitroSecurity is committed to serving both federal and civilian government agencies, and as a result we hold several key product certifications, including Common Criteria v3.1 EAL3, and FIPS 140-2 level 2, providing assurance that our products meet the strict requirements of federal and international agencies.
In accordance with the Derived Test Requirements for FIPS 140-2, NitroSecurity cryptographic modules satisfy the requirements of a security system protecting Sensitive Information (US) or PRotected Information (Canada), to FIPS 140-2 level 2. FIPS 140-2 precludes the use of unvalidated cryptography for the cryptographic protection of sensitive or valuable data within Federal systems.
Unvalidated cryptography is viewed by NIST as providing no protection to the information or data - in effect the data would be considered unprotected plaintext. If the agency specifies that the information or data be cryptographically protected, then FIPS 140-2 is applicable. In essence, if cryptography is required, then it must be validated.
View the FIPS 140-2 certificate for NitroGuard IPS
View the FIPS 140-2 certificate for NitroView ESM
The Common Criteria (CC) is an international standard (ISO/IEC 15408) for computer security. Unlike standards such as FIPS 140, Common Criteria does not provide a list of product security requirements or features that products must contain. Instead, it describes a framework in which computer system users can specify their security requirements, vendors can then implement and/or make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. In other words, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous and standard manner.
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the NitroSecurity TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3 and International Interpretations effective on 12 October, 2005. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3 Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 3 family of assurance requirements. The product, when configured as specified in the installation guides and user guides, satisfies all of the security functional requirements stated in the Nitro Security Intrusion Prevention System Version 7.1.3 Security Target. The evaluation was completed in April 2007. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for Nitro Security Intrusion Prevention System Version 7.1.3 prepared by CCEVS.
NitroSecurity holds its own GSA Schedule, with NAICS codes Product: 334290 and Maintenance: 81.
|
Log in
