
Governments around the world are mandating increased levels of security to counter the increasing sophistication and complexity of attacks on computer systems and facilities. The cornerstone of any solution to increase security is the capability to verify with assurance the people who have been authorized access. Compliance with open standards such as FIPS 201 and Common Criteria is driving the security industry to release commercially available products that offer cost-effective and easier-to-deploy solutions that counter the ever-changing threats to cyber and physical critical infrastructure.
Several ActivIdentity products have been certified or approved for the following standards:
Common Criteria / NIAP
In June 1993, the sponsoring organizations of the existing US, Canadian, and European criteria (TCSEC, ITSEC, and similar) started the Common Criteria Project to align their separate criteria into a single set of IT security criteria. Version 1.0 of the CC was completed in January 1996. Based on a number of trial evaluations and an extensive public review, Version 1.0 was extensively revised and CC Version 2.0 was produced in April of 1998. This became ISO International Standard 15408 in 1999. The CC Project subsequently incorporated the minor changes that had resulted in the ISO process, producing CC version 2.1 in August 1999. Today the international community has embraced the CC through the Common Criteria Recognition Arrangement (CCRA), whereby the signers have agreed to accept the results of CC evaluations performed by other CCRA members. The US program for Common Criteria certification is called NIAP, which stands for National Information Assurance Partnership.
U.S. DoD JITC
The Joint Interoperability Test Command (JITC) is the Public Key Infrastructure (PKI) test and certification organization for the U.S. Department of Defense (DoD). JITC has replicated the DoD's PKI environment to ensure a commercial product will meet their PKI standards when the product is fully deployed and in use within the DoD.
FIPS 140-2
The Computer Security Division of the U.S. National Institute of Standards and Technology (NIST) manages a number of FIPS (Federal Information Processing Standards) covering cryptography, that is, hardware or software that encrypts and decrypts data or performs other cryptographic operations (such as creating or verifying digital signatures). These standards have been adopted by the U.S. and Canadian governments to guide their purchases of products that are intended to protect the security of electronic information and e-commerce. The FIPS 140-1 standard was created in 1994 and specifies requirements for the proper design and implementation of products that perform cryptographic operations. In 2001 a more stringent version of the standard, called FIPS 140-2, was released. Products are certified under the FIPS CMVP (Cryptographic Module Validation Program). CMVP is managed by NIST and CSE, the Communications Security Establishment of the Canadian government. The CMVP charter is to make sure that products correctly implement FIPS-approved cryptographic standards. FIPS 140 has four levels, which are intended to cover the wide range of potential applications and environments in which cryptographic modules may be employed.
FIPS 201
The Federal Information Processing Standard 201, Personal Identity Verification (PIV) of Federal Employees and Contractors, was developed by NIST in response to the Homeland Security Presidential Directive 12 (HSPD-12), issued on August 27, 2004, which mandates the establishment of a standard for identification of Federal Government employees and contractors. The FIPS 201 PIV card is to be used for both physical and logical access control.