For PRIM’X, the certification of solutions is part of the Strategic Policy of a cybersecurity publisher. In order to ensure that users can have the highest level of confidence, an independent and strict assessment of the software solutions is regularly carried out under the auspices, in France, of the ANSSI, the French National information systems security agency.
PRIM’X has made Security Certification of its solutions a Strategic Vendor Policy. Certificates are maintained and passed again for the different versions and platforms in order to keep pace with changing technologies, the state of the art in cryptography and new threats. In addition to the certifications, the solutions undergo national and trans-national counter-assessments or counter-assessments specific to a given contract.
What does this provide?
- Avoids design errors
- Vulnerability analysis
- Effective compliance with a protection goal
- Audit of the development environment (sites and procedures)
- Assessment of the actual capacity to protect
- Robustness tests by an independent laboratory
- Compliance with standards and with the state-of-the-art
EAL3+ Common Criteria Certification
The role of Certification is to provide independent and impartial confirmation of the robustness of the product. This assessment is carried out by a third-party organisation (CESTI – information technology security assessment centre) under the authority of the ANSSI, and according to a technical brief and technical specifications. Certification provides confidence in the robustness of the product, for which the Common Criteria, recognised worldwide, define the framework of expertise.
Qualification for the French State (ANSSI) Restricted information
“Qualification is the recommendation by the French State of cybersecurity products or services that have been tested and approved by ANSSI. Approval concerns the regulatory, technical and safety requirements of the French authorities. The use of qualified products allows public or private entities to process information marked as “Restricted”.
The Security Visa, proof of the Certification and Qualification issued by the authorities, demonstrates the capability of the products to protect sensitive information. It serves as a trust criterion and makes it easy to identify the most reliable security solutions.
Endorsed for protecting EU and NATO information
In addition to ANSSI Certification and Qualification, European approval requires additional expert appraisal by a second national authority (in this case, for PRIM’X, Germany) before being listed in the catalogues. Software solutions that are listed in the NATO Catalogue and the Catalogue of EU-approved solutions are authorised for protecting information marked NATO Restricted and EU Restricted. This approval is internationally recognised.