RSA has received the Common Criteria certification for RSA Identity Governance and Lifecycle 7.0 as outlined in the National Information Assurance Partnership (NIAP) and Protection Profile for Enterprise Security Management – Policy Management. Certification is designed to validate product development processes, documentation, product testing and security of the product. RSA Identity Governance and Lifecycle is compliant to the Protection Profile for Enterprise Security Management - Identity and Credential Management Version 2.1.
RSA Identity Governance and Lifecycle is designed to provide organizations with the ability to act with insight to reduce identity-based risks and drive informed security decisions. The solution is created to simplify how access is governed and streamlines access requests and fulfillment to deliver continuous compliance assurance by automating the management of user entitlements throughout the user’s lifecycle.
“Knowing who has access to data and applications, how they received that access and having an audit trail to prove it is appropriate access is critical to ensuring organizations are managing their identity risks – especially in today’s constantly changing technical landscape,” said Jim Ducharme, Vice President, Identity Products, RSA. “This Common Criteria designation gives public- and private-sector customers a higher level of confidence in RSA Identity Governance and Lifecycle’s ability to help them both mitigate identity risk and control access to their critical applications and information assets.”
Common Criteria is a technically demanding, internationally recognized security certification required by the U.S. and 27 national governments worldwide for departments and agencies seeking to procure commercial products. Common Criteria certification provides assurance that the process of specification, implementation and evaluation of technology products has been conducted in a rigorous, standard, and repeatable manner. It involves in-depth evaluation, documentation, and testing against exacting standards to ensure products meet established minimums for functionality, information assurance, audit management, as well as mandates for access enforcement and cryptographic capabilities required by the U.S. federal government, global public sector organizations, critical infrastructure, and private industry.
NIAP is responsible for U.S. implementation of the Common Criteria and manages a national program for developing Protection Profiles, evaluation methodologies, and policies that will ensure achievable, repeatable, and testable requirements.
The evaluation was performed by Leidos’ Common Criteria Testing Laboratory within its Commercial Cybersecurity practice. Leidos is one of the top evaluation and testing laboratories approved by the NIAP to conduct testing and evaluation for Common Criteria and other certifications critical to U.S. government customers.