Nexus’ Smart ID PKI platform obtains Common Criteria EAL4+
As a formal evidence of its strong security and high quality, Nexus’ PKI platform that enables digital trust in Workforce and IoT solutions has been certified in compliance with Common Criteria EAL4+. With its enriched feature set that includes certificate automation and extended integration capabilities, Nexus now offers the most modern PKI platform available.
Nexus’ certification enhances digital trust
The Common Criteria certification means that Nexus’ products and their security-related functions have been verified in an independent evaluation and quality control. It is an official proof that the processes to develop and evaluate the products are being conducted in a secure and repeatable manner.
“With this certificate, we make it much easier for our customers to prove the security and quality of their solutions, for example when they go through security certifications and auditing,” says Martin Furuhed, product owner of the Smart ID PKI platform and PKI expert since more than 20 years.
The certified versions are Certificate Manager 8.0.0 and OCSP Responder 6.0.2.
The Common Criteria certification provides a guarantee for quality, reliability and security and is often required due to increased demand on information security driven by national or international regulations. This is important and in line with Nexus’ work to protect business-critical environments in large organizations.
Certificate automation and simplified integration
Here are some other new features of Nexus’ PKI platform:
- Support for the ACME protocol, which enables automation of certificate management.
- To allow simplified integration to utilize our PKI platform, Certificate Manager (CM) REST API is available.
- Additional Hardware Security Module (HSM) support, and even nano HSMs from Yubico and Nitrokey.
- New reporting of certificate issuing metrics using InfluxDb to enable analytics and monitoring providers, such as Grafana.
About Common Criteria
The Common Criteria for Information Technology Security Evaluation (CC) is an internationally recognized evaluation standard for IT security products. Common Criteria assures that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner and at a level that is commensurate with the target environment for use.
For more information, see www.commoncriteriaportal.org/.