Centrify Server Suite Achieves Common Criteria Certification
December 04, 2013
SUNNYVALE, Calif. — Centrify Corporation, a leader in Unified Identity Services across data center, cloud and mobile, today announced that its Centrify Server Suite has achieved Common Criteria certification, successfully passing a rigorous evaluation process that includes independent analysis and testing of Centrify Server Suite to validate its security aspects for customers. Customers, including government agencies and associated civilian agencies that are required to purchase only those commercial security products which are certified by Common Criteria, are assured of the robust security capabilities of Centrify Server Suite.
Common Criteria is an international standard (ISO 15408) for evaluating the security properties of IT security products. Common Criteria provides a common set of requirements for the security functionality of these products and for assurance measures applied to these products during a security evaluation. The Common Criteria process establishes confidence that the security functionality of IT products earning certification and the assurance measures applied to these IT products meet the established Common Criteria evaluation requirements. Common Criteria is useful as a guide for the development, evaluation and/or procurement of IT products with security functionality.
“The Common Criteria certification of Centrify Server Suite is an important step because Centrify has now achieved an internationally recognized standard for Active Directory-based access control and role-based privilege management in cross platform environments,” said Erin Connor, Director of the EWA-Canada Common Criteria Test Lab (CCTL) that carried out the evaluation. “Achieving this certification demonstrates Centrify’s commitment to providing high quality security solutions to their customers for the management and protection of critical assets and information.”
The Centrify Server Suite successfully passed rigorous testing by the Certification Body for the Canadian Common Criteria Evaluation and is certified at the EAL (Evaluation Assurance Level) 2+. Centrify was certified using the methodology for EAL 2, and was certified to meet established flaw remediation procedures for the evaluated product. It is listed among products earning certification at: http://www.cse-cst.gc.ca/documents/services/cc/centrify-v20132-eval-eng.pdf.
Centrify’s ongoing commitment to the U.S. Federal Government market is demonstrated by this Common Criteria certification, as well as by last year’s Certificate of Networthiness (CON) from the U.S. Army NETCOM and FIPS 140-2 Level 1 validation. In addition, Centrify also previously received the Department of Defense (DoD) Joint Interoperability Test Command (JITC) certification for support of Common Access Cards (CAC) Smart Cards and strong authentication.
“The Common Criteria process validates the security functions of our solution, and provides confidence that the products customers deploy meet the highest security evaluation standards as measured by the Common Criteria process to best protect their IT infrastructures,” said Matt Hur, Centrify Senior Director of Product Management. “While government is an important market for Centrify, customers in other markets across the board recognize this objective validation of the security of the Centrify solution. We see that many commercial organizations include Common Criteria certification as a requirement in RFPs even if they are not required to do so.”
Centrify has broad acceptance throughout federal, defense and civilian agencies for its reliable identity consolidation and privileged access management solutions. The Centrify Server Suite lets organizations centrally control, secure and audit access to cross-platform systems, mobile devices, and applications by leveraging an infrastructure they already own — Microsoft Active Directory. Built on an integrated architecture, the Centrify Server Suite strengthens security, enhances regulatory compliance initiatives, and reduces IT expense and complexity. The Centrify Server Suite delivers secure authentication and single sign-on, role-based access control, privileged identity management, mobile security management, user-level auditing for Windows and UNIX systems, server isolation, and encryption of data-in-motion for the industry’s broadest set of heterogeneous systems and applications on premise and in the cloud.
EWA-Canada (www.ewa-canada.com) is Canada’s premier Information Assurance consulting firm specializing in IT Security Engineering, Managed Security Services, and independent third-party evaluation and testing of products in its Common Criteria, FIPS 140 2 Cryptographic Module, Security Content Automation Protocol and Payment Assurance test labs. EWA-Canada is recognized for its comprehensive experience with Common Criteria evaluations, enabling companies to efficiently and cost-effectively manage the evaluation process thereby ensuring their products meet important certification requirements. For further information please visit at www.ewa-canada.com/studies/it_security.php.
Centrify provides Unified Identity Services across the data center, cloud and mobile that results in one single login for users and one unified identity infrastructure for IT. Centrify’s solutions reduce costs and increase agility and security by leveraging an organization’s existing identity infrastructure to enable centralized authentication, access control, privilege management, policy enforcement and compliance. Centrify customers typically reduce their costs associated with identity lifecycle management and compliance by more than 50 percent. With more than 5,000 customers worldwide, including approximately half of the Fortune 50 and more than 60 Federal agencies, Centrify is deployed on more than one million server, application and mobile device resources on-premise and in the cloud. For more information about Centrify and its solutions, call (408) 542-7500, or visit http://www.centrify.com/.
Centrify is a registered trademark and Centrify Server Suite is a trademark of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners. Centrify Server Suite was previously referred to as Centrify Suite when entered into evaluation.
Ready to protect against the #1 Attack Vector?
Register for a 30-day trial of Centrify's Privileged Access Management (PAM) software to minimize your attack surface and control privileged access to your hybrid environment.