pa|Welcome toin Sweden!is an independent company, specialised in information security services. You can find our services in the . Location specific services are listed on the country specific sites: atsec consultants are experts in information security standards like Common Criteria, ISO 27001, FIPS-140, IT-Grundschutz and PCI. Our experience ranges from large enterprises to medium-sized businesses. Our customer base encompasses businesses as well as government agencies. Our international presence in Germany, Sweden, USA and China enables us to support our customers in global projects. atsec laboratories specialise in evaluating and testing commercial products, using international standards to help provide assurance to end-users about the products they buy and use. We are certified according to ISO 27001, ISO 9001 and ISO 17025, which emphasises our focus on security. You can find our certificates . We are now hiring Junior and Senior Information Security Consultants. h5|ATSEC INFORMATION SECURITY SWEDEN Job Opportunity Legal h6|SEE YOU AT: bo|Read more . pa|Welcome toin Sweden!is an independent company, specialised in information security services. You can find our services in the . Location specific services are listed on the country specific sites: atsec consultants are experts in information security standards like Common Criteria, ISO 27001, FIPS-140, IT-Grundschutz and PCI. Our experience ranges from large enterprises to medium-sized businesses. Our customer base encompasses businesses as well as government agencies. Our international presence in Germany, Sweden, USA and China enables us to support our customers in global projects. atsec laboratories specialise in evaluating and testing commercial products, using international standards to help provide assurance to end-users about the products they buy and use. We are certified according to ISO 27001, ISO 9001 and ISO 17025, which emphasises our focus on security. You can find our certificates . We are now hiring Junior and Senior Information Security Consultants. h5|ATSEC INFORMATION SECURITY SWEDEN Job Opportunity Legal h6|SEE YOU AT: bo|Read more . td|atsec would like to congratulate DriveLock SE… atsec would like to congratulate LogPoint A/S… atsec would like to congratulate ALE USA Inc… The GSMA (Global System for Mobile Communications)… atsec would like to congratulate Canonical Group Ltd… atsec would like to congratulate HP Inc… atsec would like to congratulate HP Inc… atsec would like to congratulate F5 Networks Inc… th|Date Article st|2021-04-08 2021-02-22 2021-02-22 2021-01-19 2020-12-18 2020-12-18 2020-12-18 2020-11-17 h5|News Legal pa|atsec information security is an independent company specialized in information security services. Our consultants and evaluators have a wide range of business-specifc and security know-how. The following services are an excerpt of our portfolio. Should you need support in security areas that are not explicitly listed, please do not hesitate to contact us. We usually find solutions that satisfy the requirements of our customers. Our portfolio: Location specific services like FISMA or SCAP are listed on the country specific sites: h5|INFORMATION SECURITY SERVICES SWEDEN CONTACT: Legal pa|atsec information security AB Svärdvägen 3C 182 33 Danderyd Sweden Tel.: +46-8-55 110 400 Fax: +46-8-55 110 401 E-Mail: (details for encrypted email see )GmbH Steinstr. 70 81667 München Germany Tel.: +49-89-442-49-830 Fax: +49-89-442-49-831 E-Mail:corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 USA Tel.: +1-512-615-7300 Fax: +1-512-615-7301 E-Mail: Floor 3, Block C, Building 1, Boya C-Center, Beijing University Science Park, Life Science Park Changping District, Beijing, Postcode: 102206 P.R.China Tel.: +86-10-5305-6681 Fax.: +86-10-5305-6678 E-Mail: Room 29E, Xinjinqiao Road, Pudong District, Shanghai, 201206 P.R.China E-Mail: Via Tirso, 26 00198 Rome Italy Tel.: +39-06-86678587 Fax: +39-06-92912298 E-Mail: h5|CONTACT Legal bo|atsec Sweden atsec Germany atsec USA atsec China (Beijing Headquarters) atsec China (Shanghai office) atsec Italy pa|The website ofAB includes links to other web pages shown by the target URL in the status bar of your browser upon mouseover. atsec is not responsible for any contents linked or refereed to from it’s pages. The contents of the external web pages are subject exclusively to the responsibility and liability of the respective external providers and don’t mirror the opinion of atsec. If the internet offer of atsec AB is accessed, a data record will bes stored on the web server. This record consists of Those record are evaluated only for forensic and statistical purposes of atsec, i.e. for identification and tracing of illegal access (or access attempts) to the web server as well as for obtaining a summary of access frequency to individual offered segments. The data will not be transferred to third parties. Our website doesn’t make use of “cookies”. In addition, other personal details such as your name, address, telephone number or e-mail address will not be collected unless you provide this information voluntarily (i.e. personal data is processed when someone contactsAB to request information or when looking for a job). As per the principle of data reduction and data economy we store data only as long as necessary to reach the mentioned objectives or as regulated by law. All data will be deleted after the legally-determined deadline has expired, or when the purpose of recording is well served. Data is deleted routinely and in compliance with legal requirements. For example, the above mentioned log files of the web server are deleted after six months. We reserve the right to adjust this Privacy Policy occasionally, so that it always corresponds to the latest legal requirements. Personal data means any information relating to an identified or identifiable natural person (the “data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, address, an identification number, location data or online identifiers.AB is the data controller, and processes personal information that is necessary for the purpose of entering into, or exercising a contract with customers. The personal data processed of (potential) customers includes names, email addresses, phone numbers and any personal information provided by the customer in email conversations betweenAB and the customer. Personal customer data will not be used for the purpose of automated-decision making, including profiling, or for advertising purposes.AB ensures that the personal data of customers is protected and processed in accordance with legal obligations and atsec’s own internal guidelines and procedures.AB also has a Data Protection Officer to review atsec’s compliance with regulations. The legal basis for processing personal data of customers, as set out in Article 6 of GDPR, is to fulfill an agreement in which the data subject is a party or to take action at the request of the data subject prior to the conclusion of such an agreement (Article 6 (1)(b)). Personal data is processed to manage customer relationships and may be provided and collected prior to and upon the conclusion of a contract and that assignments are provided or otherwise in connection with a customer relationship. Personal data of customers is processed in Sweden, and may be processed outside of Sweden to adequate jurisdictions once an agreement between a customer andAB has been signed (i.e. withGmbH in Germany andcorporation in the US), which is conducted in accordance with legal provisions and in line with agreement established between the two parties. Personal data of customers is not shared with any third parties, unless specified explicitly in a written agreement betweenAB and the customer, or if it is required by law. Personal data will be destroyed as soon as it becomes clear that no agreement will be made betweenAB and the customer. If an agreement is established, personal data will be kept for as long as necessary for customer care after completion of a project (in accordance with the agreement betweenAB and the customer), with a maximum retention period of 6 years. Data subjects have the following right with respect to the processing of their personal data: If you have any questions regarding atsec’s processing of personal data or if you would like to exercise any of your rights as a data subject, please contact If you believe thatAB has not complied with your data protection rights, you can complain to Datainspektionen: Tel: 08-657 61 00 Email: If you have applied for a job position atAB, please read on how atsec handle and protect your personal data. Responsible for the content on this website is:AB Svärdvägen 3C 182 33 Danderyd Sweden Phone: +46 8 55 110 400 Telefax: +46 8 55 110 401 Email: The author reserves the right not to be responsible for the topicality, correctness, completeness or quality of the information provided. Liability claims regarding damage caused by the use of any information provided, including any kind of information which is incomplete or incorrect, will therefore be rejected. All offers are not-binding and without obligation. Parts of the pages or the complete publication including all offers and information might be extended, changed or partly or completely deleted by the author without separate announcement. The information provided by atsec on this site is not official in nature, it is an informal service only. Before relying on information you found on this site, check official sources for verification and confirmation of such information. We can not guarantee accuracy, correctness, completeness or timeliness of the information on this site. It is also not guaranteed that the information represents official positions or views regarding standards compliance or any other subject matter. The author is not responsible for any contents linked or referred to from his pages – unless he has full knowledge of illegal contents and would be able to prevent the visitors of his site from viewing those pages. If any damage occurs by the use of information presented there, only the author of the respective pages might be liable, not the one who has linked to these pages. Furthermore the author is not liable for any postings or messages published by users of discussion borads, guestbooks or mailing lists provided on his page. The author intended not to use any copyrighted material for the publication or, if not possible, to indicate the copyright of the respective object. The copyright for any material created by the author is reserved. Any duplication or use of such diagrams, sounds or texts in other electronic or printed publications is not permitted without the author’s agreement. “atsec” and the atsec logo are registered trademarks ofAB. This disclaimer is to be regarded as part of the internet publication which you were referred from. If sections or individual formulations of this text are not legal or correct, the content or validity of the other parts remain uninfluenced by this fact. li|Privacy Policy Imprint Disclaimer the IP address of the requesting computer, the data and time of the request, the access method or function of the requesting computer, for example “GET” or “POST”, the page from which the file was accessed (Referrer), the input values of the requesting computer (for example the filename), the name of the requested file, the transmitted data volume, the access status of the web server (for example file transmitted, file not found, command not executed), the type of web browser used (UserAgent) Right of Access (GDPR Art. 15) Right of Rectification (GDPR Art. 15(1)(d), 16) Right to Erasure (GDPR Art. 17) Right to Restriction of Processing (GDPR Art. 18) Right of Data portability (GDPR Art. 20) Right to Object to processing (GDPR Art. 21) st|What is personal data? Processing of personal data of customers Processing of personal data for job applicants Online-contents Referrals and links Copyright Trademarks Legal validity of this disclaimer h5|Imprint & Guidelines Legal h6|Privacy Policy Processing of Personal Data Imprint Disclaimer pa|for our teams in Stockholm, Munich and Austin in the following areas: Please have a look at our and send us a convincing application together with your CV to . li|Information Security Management Systems (ISO 27001 and BSI 100-x) Product evaluation according to Common Criteria (ISO/IEC 15408) Security compliance audits and assessments Penetration- and web-application – tests Security analysis of technologies, products and systems security architectures and concepts Security consulting information security or CS degree (other technical disciplines may be acceptable), or equivalent experience basic understanding of security principles for senior consultants a profound understanding of security principles and at least two years professional experience in information security proficiency in english and the language of the country of employment team player ability to maintain relationships with customers and third parties ability to self-sufficiently manage own time schedule in order to meet project deadlines and accommodate other work assignments, and to understand and proactively manage dependencies between work assignments within and between projects willingness to travel as necessary in support of atsec’s business h5|JOBS Legal bo|Junior / Senior Information Security Consultants Education Requirements pa|The NESAS scheme is a collaboration and jointly led by 3GPP and the GSMA, and is open to all vendors of network equipment products that support 3GPP defined functions. NESAS has been developed to strengthen the level of security in 5G and LTE networks following established best practices and schemes that provide security assurance. atsec is an GSMA appointed laboratory to provide Network Equipment Security Assurance Scheme (NESAS) security audits and network product evaluations against NESAS Security Assurance Specifications (SCAS). In the course of the NESAS audit, we provide documentation review of vendor development and product life-cycle processes and conduct interviews to assess compliance to the specified security requirements. The list of mobile network equipment vendors that have undergone an assessment and independent audit of their development and product life-cycle processes is available on GSMA’s website, which you can find . In the course of the network product evaluation, we apply test specifications from the relevant SCASes and run detailed tests on the network product. Test results are recorded in an Evaluation Report and provided to GSMA, if the evaluated product is to be listed on the NESAS website. Our NESAS portfolio encompasses the following services: li|Readiness assessment to help you estimate the level of effort that will be required to successfully comply with NESAS requirements NESAS security audits resulting in the GSMA listing Testing of network products according to applicable SCASes Education and training for vendors, telecommunication operators on NESAS security audit topic st|Our services h5|GSMA NESAS CONTACT: Legal h6|MORE INFORMATION: pa|With cyber criminality becoming more common, the requirements of more secure and trustworthy trust services are vital. Under the eIDAS regulation (No. 910/2014) it falls on a Trust Service Provider (TSP) to be able to assure that these trust services for authentication, digital certificates and electronic signing are qualified and safe, and that the TSP has followed the eIDAS requirements. To prove that the eIDAS requirements have been complied to, a Conformity Assessment has to be preformed by an accredited Conformity Assessment Body (CAB). atsec has great experience in performing IT-product assessments and is a licensed Conformity Assessment Body under eIDAS. Or eIDAS portfolio encompasses the following services: li|Readiness Assessment: Prior to eIDAS assessments our experienced evaluators perform an on-site check that shows readiness to perform an eIDAS assessment. This includes the preparation of a strategy and project plan for the assessment that measures that costs, resources and project risks are fully transparent. Qualified Trust Service Provider Assessments Certificate issuing for electronic signatures (signature by natural person), electronic seals (signature by legal person), and web-site authentication Services for signing and/or sealing (signature creation) Signature/seal validation services Time-stamp services Preservation services for electronic signatures/seals and related certificates Electronic registered delivery services Education and training for your staff to optimize your effort in pursuing eIDAS compliance. st|Our Services h5|eIDAS Trust Service Provider Assessments CONTACT: Legal h6|MORE INFORMATION: pa|The company was founded in January 2000 by three security professionals who share a passion for information security and were confident that a company focused solely on providing independent information security services could be successful without any external financing. As on its first dayis still an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. h5|COMPANY HISTORY Legal pa|The company has grown since it was founded in January, 2000 – with offices around the world, an experienced staff, and a service portfolio that encompasses almost every aspect of information security assessment, testing and evaluation. Our mission is to provide our customers with professional and independent advice on information security in order to empower their business and operations. From our very first project to our current global business activities, we have always followed these principles: atsec knows the worldwide information security assessment, testing and evaluation business very well. With a multinational staff, it is only natural that we feel comfortable operating internationally. We are a company with global reach. Information security assessment, testing and evaluation is a high-integrity business and trust is key. All atsec employees are committed to sustaining the highest degree of integrity in our client relationships. We are devoted to delivering the highest quality in a timely manner. atsec colleagues are information security experts. As such, atsec focuses solely on security assessment, testing and evaluation. We do not provide services in any other areas, and we do not sell hardware, software, or any other ware. We are not affiliated with any hardware or software vendor, and we never will be. Our credibility as security experts hinges on that independence. Our customers can rely on us to be objective. We have no interest in selling anything other than our security assessment, testing and evaluation expertise. h5|OUR PRINCIPLES Legal bo|We know the business We act with integrity We stay focused We are independent pa|Further services and resources with US relevance can be found on our . h5|COMPANY RESOURCES Legal pa|FIPS 140-2, short for the U.S. Federal Information Processing Standard 140-2, Security Requirements for Cryptographic Modules, specifies requirements related to the secure design and implementation of cryptographic modules that provide protection for sensitive or valuable data. atsec offers these cryptographic module testing services: As atsec is actively involved in the new version of FIPS 140-3, we can already prepare our customers for any changes in the standard. li|Consultation on FIPS 140-2 requirements Assessment of your cryptographic module test readiness Support for the production of the Security Policy, Finite State Model, and user documentation Conformance testing of cryptographic modules, resulting in a certificate issued by the National Institute of Standards and Technology (NIST) and Communications Security Establishment of Canada (CSEC) Cryptographic Module Validation Program (CMVP) h5|FIPS 140-2 CONTACT: Legal h6|More information: pa|2021-04-08 atsec would like to congratulate DriveLock SE on a successful certification of DriveLock Agent 2019.2 (Device and Application Control) SP 1, according to Evaluation Assurance Level 3 (EAL3). The certificate was issued by the Swedish CC Scheme (CSEC) as of April 7th, 2021. The certification is recognized within CCRA. For more information, please visit our list of or the . h5|DriveLock Agent 2019.2 Common Criteria evaluation successfully certified Legal pa|A security audit assesses the effectiveness and appropriateness of measures based on a systematic examination. The audit report prioritises detected vulnerabilities according to the risk they pose and provides suitable measures to counter or reduce those vulnerabilities. Regular audits ensure the compliance to requirements and support the advancement of the internal control system and the security management (governance). Extensively trained auditors provide the following services based on international standards, best practices and your internal regulations: Our auditors provide detailed reports that not only describe the problem in understandable language but also contain practical recommendations for measures to handle the detected issues. li|Internal audits for ISO 27001 Internal PCI-DSS (Payment Card Industry – Data Security Standard) audits Data protection audits to assess technical and organisational measures Audits to assess the physical security of IT locations like data centers Technical penetration tests of websites, applications and networks h5|SECURITY AUDITS CONTACT: Legal bo|Our Services pa|Not only are there legal requirements for data protection, this topic is also very much in the public eye. The base for a successful long-term customer relationship is the trustworthy handling of customer and employee data. Legal and contractual data protection requirements need to be addressed in a trustworthy manner. atsec can help you implementing and operating a data protection management with the following services: For a first overview of your data protection we start with a readiness assessment. An experienced consultant analyses the current state on-site to get a good understanding of your current processes and measures. This provides a rating of your current compliance status. The result of the readiness assessment contains a plan for implementing fully compliant data protection according to the applicable laws as well as a sound estimation of efforts that shows the expected internal efforts as well as consulting efforts required for the implementation. li|Establishment of a data protection management system (DPMS) and integration into existing management systems Development of a lean data protection policy that fits the requirements of your organisation Generation of a procedure index of relevant procedures Development of a concept for locking and deleting personal data for all relevant processes Data protection audits, internally as well as at your suppliers Support in applying the European data protection directive 95/46/EG Training and coaching of your data protection officer h5|DATA PROTECTION CONTACT: Legal bo|Our Services pa|2020-12-18 atsec would like to congratulate HP Inc. on a successful certification of GIFF 2600PP, according to Evaluation Assurance Level 3 (EAL3). The certificate was issued by the Swedish CC Scheme (CSEC) as of December 8th, 2020. The certification is recognized within CCRA. For more information, please visit our list of or the . h5|HP GIFF 2600PP Common Criteria evaluation successfully certified Legal pa|For encrypted communication we do support two mechanisms, GPG/PGP and S/MIME. Please exchange the needed public keys (PGP) or certificates (S/MIME) with your communication partner at atsec. For the latter, just send a signed e-mail to your atsec communication partner. To facilitate the management of S/MIME certificates, we provide the CA certificate and the certificate revocation list (CRL) below: To verify public keys or certificates, please contact your communication partner for finger-print verification. h5|E-MAIL ENCRYPTION Legal pa|atsec is a CMVP (CMTL) accredited by NVLAP (National Voluntary Laboratory Accrediation Program) in the U.S. The company has a long-standing international reputation in information security and is one of the most experienced information security test and evaluation facilities world-wide. Contact atsec at for further information on cryptographic algorithm testing. The following implementations were tested by the atsec laboratory. td|Analog Devices, Inc. Sypher AES-256-bit FPGA Encryption Module 1 Hardware 2018-06-15 F5 Networks F5® vCMP Cryptographic Module 2 Firmware 2018-04-30 Oracle Corporation Oracle Linux 6 Libreswan Cryptographic Module 1 Software 2018-04-12 Oracle Corporation Oracle Linux 7 GnuTLS Cryptographic Module 1 Software 2018-04-10 Oracle Corporation Oracle Linux 7 Libreswan Cryptographic Module 1 Software 2018-04-10 Lenovo Group Limited Lenovo OpenSSL Library for ThinkSystem 1 Software 2018-03-22 Apple Inc. Apple CoreCrypto Kernel Module v8.0 for Intel 1 Software 2018-03-22 Apple Inc. Apple CoreCrypto Module v8.0 for Intel 1 Software 2018-03-22 Apple Inc. Apple CoreCrypto Module v8.0 for ARM 1 Software 2018-05-17 Apple Inc. Apple CoreCrypto Kernel Module v8.0 for ARM 1 Software 2018-05-17 Red Hat®, Inc. Red Hat Enterprise Linux Kernel Crypto API Cryptographic Module 1 Software 2018-03-05 Oracle Corporation Oracle Linux 7 NSS Cryptographic Module 1 Software 2018-03-01 F5 Networks F5® Device Cryptographic Module 2 Hardware 2018-02-28 Qualcomm Technologies, Inc QTI Inline Crypto Engine (UFS) 1 Hardware 2018-02-09 Qualcomm Technologies, Inc QTI Crypto Engine Core 2 Hardware 2018-02-09 Qualcomm Technologies, Inc QTI Pseudo Random Number Generator 1 Hardware 2018-02-12 Oracle Corporation Oracle Linux 6 NSS Cryptographic Module 1 Software 2018-02-06 SUSE, LLC SUSE Linux Enterprise Server Kernel Crypto API Cryptographic Module 1 Software 2018-01-02 Zebra Technologies Corporation QTI Cryptographic Module on Crypto 5 Core 1 Software-Hybrid 2018-02-06 Red Hat®, Inc. Red Hat Enterprise Linux Libreswan Cryptographic Module 1 Software 2017-12-19 Red Hat®, Inc. Red Hat Enterprise Linux NSS Cryptographic Module 1 Software 2018-02-08 NetBrain Technologies, Inc. NetBrain OpenSSL Cryptographic Module 1 Software 2017-11-17 Red Hat®, Inc. Red Hat Enterprise Linux OpenSSH Client Cryptographic Module 1 Software 2017-11-27 IBM Corporation IBM® Crypto for C V8.6.0.0 1 Software 2017-11-14 Red Hat®, Inc. Red Hat Enterprise Linux OpenSSH Server Cryptographic Module 1 Software 2017-11-14 IBM Corporation IBM® z/OS® Version 2 Release 2 System SSL Cryptographic Module 1 Software-Hybrid 2017-11-07 SUSE, LLC SUSE Linux Enterprise Server OpenSSL Module 1 Software 2017-10-05 Oracle Corporation Oracle Linux 7 OpenSSH Client Cryptographic Module 1 Software 2018-05-24 Oracle Corporation Oracle Linux 6 OpenSSH Server Cryptographic Module 1 Software 2018-06-12 Oracle Corporation Oracle Linux 6 OpenSSH Client Cryptographic Module 1 Software 2018-02-06 Oracle Corporation Oracle Linux 7 OpenSSH Server Cryptographic Module 1 Software 2018-05-24 IBM Corporation IBM® z/OS® Version 2 Release 2 ICSF PKCS #11 Cryptographic Module 1 Software-Hybrid 2018-02-12 Oracle Corporation Oracle Linux OpenSSL Cryptographc Module 1 Software 2018-05-17 Red Hat®, Inc. Red Hat Enterprise Linux OpenSSL Cryptographic Module 1 Software 2017-09-15 Red Hat®, Inc. Red Hat Enterprise Linux GnuTLS Cryptographic Module 1 Software 2017-09-08 Canonical Ltd. Ubuntu Strongswan Cryptographic Module v1.0 1 Software 2017-07-31 Canonical Ltd. Ubuntu Kernel Crypto API Cryptographic Module v1.0 1 Software 2017-07-18 TCL Communications Ltd. TCT Crypto Engine 1 Hardware 2017-06-23 TCL Communications Ltd. TCT Random Number Generator 1 Hardware 2017-06-23 TCL Communications Ltd. TCT Crypto Engine Core 2 Hardware 2017-06-23 F5 Networks Cryptographic Module for BIG-IP® 1 Software 2017-05-15 Canonical Ltd. Ubuntu OpenSSH Server Cryptographic Module 1 Software 2017-05-10 Canonical Ltd. Ubuntu OpenSSH Client Cryptographic Module 1 Software 2017-05-10 Canonical Ltd. Ubuntu OpenSSL Cryptographic Module 1 Software 2017-04-23 IBM Corporation IBM Java JCE FIPS 140-2 Cryptographic Module with CPACF 1 Software-Hybrid 2017-02-13 Apple Inc. Apple iOS CoreCrypto Module v7.0 1 Software 2017-02-01 Apple Inc Apple macOS CoreCrypto Module, v7.0 1 Software 2017-02-01 Apple Inc. Apple iOS CoreCrypto Kernel Module v7.0 1 Software 2017-02-01 Apple Inc. Apple macOS CoreCrypto Kernel Module, v7.0 1 Software 2017-02-01 IBM Corporation IBM® z/OS® Version 2 Release 1 System SSL Cryptographic Module 1 Software 2017-02-01 Red Hat(R), Inc. Red Hat Enterprise Linux Kernel Crypto API Cryptographic Module v4.0 with CPACF 1 Software 2016-11-28 Red Hat(R), Inc. Red Hat Enterprise Linux GnuTLS Cryptographic Module 1 Software 2016-10-31 IBM Corporation IBM® z/OS® v2r1 ICSF PKCS #11 Cryptographic Module 1 Software-Hybrid 2018-02-20 Red Hat(R), Inc. Red Hat Enterprise Linux Kernel Crypto API Cryptographic Module v4.0 1 Software 2016-09-12 Red Hat(R), Inc. Red Hat Enterprise Linux Libreswan Cryptographic Module v4.0 1 Software 2016-08-29 Intel Corporation Intel vPro Platforms’ Security Engine Chipset Cryptographic Module 1 Firmware-Hybrid 2016-08-26 IBM Corporation IBM Java JCE FIPS 140-2 Cryptographic Module 1 Software 2016-08-22 Red Hat(R), Inc. Red Hat Enterprise Linux NSS Cryptographic Module v4.0 1 Software 2018-01-30 Zanjia Electronic Science & Technology (Beijing) Co., Ltd. HSM-ZJ2014 3 Hardware 2016-07-28 IBM® Corporation IBM® z/OS® Version 2 Release 1 Security Server RACF® Signature Verification Module version 1.0 1 Software-Hybrid 2016-07-28 Samsung Electronics Co., Ltd. Samsung Kernel Cryptographic Module 1 Software 2016-07-11 Red Hat(R), Inc. Red Hat Enterprise Linux libgcrypt Cryptographic Module v4.0 1 Software 2017-07-28 Samsung Electronics Samsung Flash Memory Protector V1.1 1 Software-Hybrid 2016-05-13 Red Hat(R), inc. Red Hat Enterprise Linux OpenSSH Client Cryptographic Module 1 Software 2016-05-12 Red Hat(R), inc. Red Hat Enterprise Linux OpenSSH Server Cryptographic Module 1 Software-Hybrid 2016-05-02 SUSE, LLC Linux Enterprise Server 12 – NSS Module Version 1.0 2 Software 2016-04-22 Century Longmai Technology Company Ltd. mToken CryptoID (Hardware V. SCC-X; Firmware V. 3.11) 3 Hardware 2016-04-14 Qualcomm Technologies, Inc QTI Crypto Engine Core Version 5.3.1 2 Hardware 2016-04-11 Qualcomm Technologies, Inc. QTI Pseudo Random Number Generator Version 2.0 1 Hardware 2016-04-08 Apple Inc. Apple OS X CoreCrypto Module v6.0 1 Software 2016-04-05 Apple Inc. Apple iOS CoreCrypto Kernel Module v6.0 1 Software 2016-04-05 Apple Inc. Apple OS X CoreCrypto Kernel Module v6.0 1 Software 2016-03-29 Apple Inc. Apple iOS CoreCrypto Module v6.0 1 Software 2016-03-29 Qualcomm Technologies, Inc. QTI Inline Crypto Engine (SDCC) 1 Hardware 2016-03-22 Red Hat(R), Inc. Red Hat Enterprise Linux 6.6 Kernel Crypto API Cryptographic Module 1 Software 2016-03-16 Qualcomm Technologies, Inc. QTI Inline Crypto Engine (UFS) 1 Hardware 2016-03-11 Red Hat(R), Inc. Red Hat Enterprise Linux 6.6 NSS Module 2 Software 2016-02-17 SUSE, LL SUSE Linux Enterprise Server 12 Kernel Crypto API Cryptographic Module 1 Software 2016-01-29 Hewlett Packard®, Enterprise HPE OpenCall HLR Cryptographic Module 1 Software 2015-12-22 Samsung Electronics Co., Ltd. Samsung Flash Memory Protector V1.0 1 Software-Hybrid 2015-12-21 SUSE, LLC SUSE Linux Enterprise Server 12 StrongSwan Cryptographic Module 1 Software 2015-12-14 Samsung Electronics Co., Ltd. Samsung CryptoCore Module 1 Software 2015-11-16 SUSE, LLC SUSE Linux Enterprise Server 12 OpenSSH Client Module 1 Software 2015-11-13 SUSE, LLC SUSE Linux Enterprise Server 12 OpenSSH Server Module 1 Software 2015-11-13 SUSE, LLC SUSE Linux Enterprise Server 12 libgcrypt Cryptographic Module 1 Software 2015-10-30 Red Hat®, Inc. Red Hat Enterprise Linux 6.6 OpenSSH Server Cryptographic Module 1 Software 2015-09-16 Red Hat®, Inc. Red Hat Enterprise Linux 6.6 OpenSSH Client Cryptographic Module 1 Software 2015-09-16 Red Hat®, Inc. Red Hat Enterprise Linux 6.6 OpenSSL Module 1 Software 2015-09-08 SUSE LLC SUSE Linux Enterprise Server 12 OpenSSL Module 1 Software 2015-08-20 Samsung Electronics Co., Ltd. Samsung Kernel Cryptographic Module 1 Software 2015-08-14 Qualcomm Technologies, Inc. QTI Cryptographic Module on Crypto 5 Core 1 Software-Hybrid 2015-08-11 IBM® Corporation IBM® Crypto for C v.8.4.1.0 1 Software 2015-08-05 Apple Inc. Apple iOS CoreCrypto Kernel Module v5.0 1 Software 2015-07-22 Apple Inc. Apple OS X CoreCrypto Module, v5.0 1 Software 2015-07-22 Apple Inc. Apple OS X CoreCrypto Kernel Module v5.0 1 Software 2015-07-22 Apple Inc. Apple iOS CoreCrypto Module v5.0 1 Software 2015-06-23 WatchData Technologies Pte Ltd WatchKey ProX USB Token Cryptographic Module 3 Hardware 2015-06-23 Samsung Electronics Co., Ltd. Samsung Kernel Cryptographic Module 1 Software 2015-03-16 Protegrity USA Inc. Protegrity Cryptographic Module 1 Software 2015-03-02 McAfee, Inc. McAfee NGFW Cryptographic Library 1 Software 2015-01-09 SecuTech Solutions PTY LTD UniMate USB/TRRS PKI Token 2 Hardware 2015-01-09 McAfee, Inc. McAfee NGFW Cryptographic Kernel Module 1 Software 2014-11-07 Qualcomm Technologies, Inc. QTI Cryptographic Module on Crypto 5 Core 1 Software-Hybrid 2014-11-04 INSIDE Secure VaultIP 2 Hardware 2014-10-24 WideBand Corporation GoldKey Security Token Cryptographic Modul 2 Hardware 2014-09-10 Samsung Electronics Co., Ltd. Samsung Kernel Cryptographic Module 1 Software 2014-07-31 CoCo Communications CoCo OpenSSL Cryptographic Module 2.1 1 Software 2014-06-05 IBM® Corporation IBM® z/VM® Version 6 Release 3 System SSL Cryptographic Module 1 Hybrid 2014-04-30 Samsung Electronics Co., Ltd. Samsung OpenSSL Cryptographic Module 1 Software 2014-03-28 Samsung Electronics Co., Ltd. Samsung FIPS BC for Mobile Phone and Tablet 1 Software 2014-02-26 GoldKey Security Corporation GoldKey Security Token Cryptographic Module 2 Hardware 2014-01-29 Samsung Electronics Co., Ltd. Samsung Key Management Module 1 Software 2013-11-18 Stonesoft Corporation Stonesoft Cryptographic Library 1 Software 2013-11-13 Coco Communications CoCo Cryptographic Module 2.0 1 Software 2013-11-12 Apple Inc. Apple OS X CoreCrypto Module, v4.0 1 Software 2013-11-07 Apple Inc. Apple OS X CoreCrypto Kernel Module, v4.0 1 Software 2013-11-07 Apple Inc. Apple iOS CoreCrypto Module, v4.0 1 Software-Hybrid 2013-11-07 Apple Inc. Apple iOS CoreCrypto Kernel Module, v4.0 1 Software 2013-11-07 IBM® Corporation IBM® Crypto for C 1 Software 2013-08-27 Stonesoft Corporation Stonesoft Cryptographic Kernel Module 1 Software 2013-08-13 Samsung Electronics Co., Ltd. Samsung FIPS BC for Mobile Phone and Tablet 1 Software 2013-07-23 Apple Inc. Apple iOS CoreCrypto Module, v3.0 1 Software-Hybrid 2013-06-14 Apple Inc. Apple OS X CoreCrypto Module, v3.0 1 Software 2013-06-14 Apple Inc. Apple OS X CoreCrypto Kernel Module, v3.0 1 Software 2013-06-07 Samsung Electronics Co., Ltd. Samsung OpenSSL Cryptographic Module 1 Software 2013-05-16 Apple Inc. Apple iOS CoreCrypto Kernel Module, v3.0 1 Software 2013-05-03 Red Hat®, Inc. Red Hat Enterprise Linux 6.2 dm-crypt Cryptographic Module 1 Software 2013-04-15 SUSE Linux Products GmbH OpenSSL Module 1 Software 2013-04-08 Samsung Electronics Co., Ltd. Samsung Key Management Module 1 Software 2013-04-04 Samsung Electronics Co., Ltd. Samsung Kernel Cryptographic Module 1 Software 2013-03-20 Red Hat®, Inc. Red Hat Enterprise Linux 6.2 Kernel Crypto API Cryptogr. Module 1 Software 2013-02-21 Red Hat®, Inc. Red Hat Enterprise Linux 6.2 Openswan Cryptographic Module 1 Software 2012-12-03 Red Hat®, Inc. Red Hat Enterprise Linux 6.2 OpenSSH Client Cryptographic Module 1 Software 2012-08-24 Red Hat®, Inc. Red Hat Enterprise Linux 6.2 OpenSSH Server Cryptographic Module 1 Software 2012-08-24 Red Hat®, Inc. Red Hat Enterprise Linux 6.2 Libgcrypt Cryptographic Module 1 Software 2012-07-27 Red Hat®, Inc. Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module 1 Software 2012-07-27 IBM® Corporation IBM® z/VM® Version 6 Release 1 System SSL Cryptographic Module 1 Software-Hybrid 2012-06-25 IBM® Corporation IBM® z/OS® Version 1 Release 13 System SSL Cryptographic Module 1 Software-Hybrid 2012-03-12 IBM® Corporation IBM® z/OS® Version 1 Release 13 ICSF PKCS#11 Cryptographic Module 1 Software-Hybrid 2012-02-06 Samsung Electronics Co., Ltd. Samsung Kernel Crypto API Cryptographic Module 1 Software 2011-12-14 Watchdata Technologies Pte Ltd WatchKey USB Token 2 Hardware 2011-11-17 Pierson Capital Technology LLC MIIKOO D4 3 Hardware 2011-11-10 Samsung Electronics Co., Ltd. Samsung Key Management Module 1 Software 2011-11-10 IBM® Corporation IBM® z/OS® Version 1 Release 12 System SSL Cryptographic Module 1 Software-Hybrid 2011-09-08 ZTE Corporation UEP Cryptographic Module, Version 4.11.10 1 Software 2011-08-09 ZTE Corporation Unified Platform Cryptographic Library, Version: 1.1 1 Software 2011-07-27 Quantum Corporation Scalar Key Manager 1 Software 2010-11-15 Data Locker Inc. Data Locker Enterprise, V2.0 1 Hardware 2011-02-24 IBM® Corporation IBM® z/OS® Version 1 Release 11 System SSL Cryptographic Module 1 Software-Hybrid 2011-02-04 IBM® Corporation IBM® Crypto for C v.8.0.0. 1 Software 2010-12-21 IBM® Corporation IBM® z/OS® Version 1 Release 11 ICSF PKCS#11 Cryptographic Module 1 Software-Hybrid 2010-12-21 Wind River Systems, Inc. Network Security Services (NSS) 1 + Software 2010-12-21 Patrick Townsend Security Solutions Alliance Key Manager 1 Software 2010-11-15 Hewlett Packard Inc. HP OpenCall HLR Cryptographic Module 1 Software 2010-09-02 Red Hat®, Inc. Red Hat Enterprise Linux 5 OpenSSH-Server Cryptographic Module 1 Software 2010-08-21 Red Hat®, Inc. Red Hat Enterprise Linux 5 OpenSSH Client Cryptographic Module 1 Software 2010-08-12 Red Hat®, Inc. Red Hat Enterprise Linux 5 OpenSwan Cryptographic Module 1 Software 2010-08-12 Red Hat®, Inc. Red Hat Enterprise Linux 5 Kernel Crypto API Cryptographic Module 1 Software 2010-08-12 IBM® Corporation IBM® z/OS® Version 1 R. 10 System SSL Cryptographic Module 1 Software-Hybrid 2010-08-12 Red Hat®, Inc. Red Hat Enterprise Linux 5 OpenSSL Cryptographic Module 1 Software 2010-06-09 Red Hat®, Inc. Red Hat Enterprise Linux 5 Libgcrypt Cryptographic Module 1 Software 2010-04-26 Secuware Secuware Security Framework Crypt4000 Module 1 Software 2008-12-24 th|Vendor Product Security Level Type Number Date h5|FIPS 140-2 CERTIFICATES Legal pa|2020-12-18 atsec would like to congratulate Canonical Group Ltd on a successful certification of Canonical Ubuntu Server 18.04.4, according to Evaluation Assurance Level 2 (EAL2). The certificate was issued by the Swedish CC Scheme (CSEC) as of December 11th, 2020. The certification is recognized within CCRA. For more information, please visit our list of or the . h5|Canonical Ubuntu Server 18.04.4 Common Criteria evaluation successfully certified Legal pa|2020-12-18 atsec would like to congratulate HP Inc. on a successful certification of MYBASK 2600PP, according to Evaluation Assurance Level 3 (EAL3). The certificate was issued by the Swedish CC Scheme (CSEC) as of December 8th, 2020. The certification is recognized within CCRA. For more information, please visit our list of or the . h5|HP MYBASK 2600PP Common Criteria evaluation successfully certified Legal pa|2021-02-22 atsec would like to congratulate LogPoint A/S on a successful certification of LogPoint™ 6.8.0, according to Evaluation Assurance Level 3 (EAL3). The certificate was issued by the Swedish CC Scheme (CSEC) as of February 17th, 2021. The certification is recognized within CCRA. For more information, please visit our list of or the . h5|LogPoint™ 6.8.0 Common Criteria evaluation successfully certified Legal pa|The Common Criteria (CC) and the internationally-recognized ISO standard (ISO 15408) are used by governments and other organizations to assess security and assurance of information technology products. The CC standard provides a uniform way of expressing security requirements and defines a set of rigorous criteria by which a product’s security aspects (for example, development environment, security functionality, and handling of security vulnerabilities) can be meaningfully evaluated. The CC standard provides a consistent way to define and test compliance to security requirements. The CC define a range of strict criteria to evaluate a product according to its security aspects (for example the development environment, the security functionality and the handling of security vulnerabilities). This allows an objective verification of the trustworthiness of a security product. atsec is one of the most experienced evaluation lab in the world. Members of atsec have been heavily involved in the development of the German and European information security criteria that where the basis for the Common Criteria. Today atsec is still involved in the further development of the Common Criteria and supports national agencies in the set up of their own certification schemes for Common Criteria. As of today, atsec has performed more than a hundred of CC evaluations of various information security products. This includes large, complex software systems like operating systems. databases, firewalls and printing systems of international manufacturers like Apple, Cray, HP, IBM, Microsoft, Océ, Oracle, RedHat, SGI und SuSE. atsec is accredited as a Common Criteria evaluation lab in Germany by the Bundesamt für Sicherheit in der Informationstechnik (BSI), in Italy by Organismo di Certificazione della Sicurezza Informatica (OCSI), in Sweden by CSEC and in the USA by NIAP. The certificates from these countries are recognized in 26 Countries. Our Common Criteria portfolio encompasses the following services: li|Readiness assessment: Prior to evaluation and certification our experienced evaluators perform an on-site check that shows which parts of the product and the development environment are already fit for an evaluation and which parts require work to become ready for an evaluation. This includes the preparation of a strategy and project plan for the evaluation that ensures that costs, resources and project risks are fully transparent. Product evaluation: The evaluation of a product by one of our evaluation laboratories to achieve an internationally recognized CC-certificate. Development and evaluation of Protection Profiles Support of the evaluation by an independent consulting team Development of the Security Target (ST). Discovery or production of evidence to support the evaluation project. Migration assistance to Common Criteria version 3.1, new protection profiles and evaluation assurance levels. Education and training for your staff to optimize your efforts in pursuing Common Criteria certification. Education and training for manufacturers, government agencies, evaluators and certifiers on all Common Criteria topics. Support for the establishment of national certification schemes. h5|COMMON CRITERIA SERVICES CONTACT: Legal h6|RESPONSIBLE ORGANISATIONS: More Information: bo|Our Services pa|2020-11-17 atsec would like to congratulate F5 Networks Inc. on a successful certification of BIG-IP 14.1.2 VE claiming compliance to NDcPP and FWcPP. The certificates were issued by the Swedish CC Scheme (CSEC) as of November 4th, 2020. The certifications are recognized within CCRA. For more information, please visit our list of or the . h5|F5 BIG-IP 14.1.2 VE Common Criteria evaluation successfully certified Legal pa|atsec is a Common Criteria (CC) security evaluation facility accredited and licensed by: Below is a list of products and components we have evaluated to date – with links to Certificates, Evaluation Reports and Security Targets. Links to Security Targets and Certification Reports point to pdf files maintained on the websites of the various schemes listed above. The company has a long-standing international reputation in information security and is one of the most experienced evaluation facilities world-wide. atsec consultants drafted the former German evaluation criteria and contributed significantly to the development of the Information Technology Security Evaluation Criteria (ITSEC), which is one of the standards that was used as input to the Common Criteria development. Please take a look at our . We can provide you with the most recent information about our evaluations, including providing all our security targets and certification reports. td|2021 DriveLock Agent 2019.2 CSEC2019015 EAL 3+ CSEC 2021 LogPoint™ 6.8.0 CSEC2020004 EAL 3+ CSEC 2021 Alcatel-Lucent Enterprise OmniSwitch with AOS 8.6.4.R11 CSEC2019023 EAL 2+ CSEC 2020 Canonical Ubuntu Server 18.04.4 CSEC2019029 EAL 2+ CSEC 2020 HP GIFF 2600PP CSEC2019016 EAL 3+ CSEC 2020 HP MYBASK 2600PP CSEC2019014 EAL 3+ CSEC 2020 Apple iOS 13 CCEVS-VR-VID11036-2020 PP NIAP 2020 F5 BIG-IP 14.1.2 VE LTM+APM NDcPP CSEC2019022 EAL 1+ CSEC 2020 F5 BIG-IP 14.1.2 VE LTM+AFM FWcPP CSEC2019021 EAL 1+ CSEC 2020 PR/SM for IBM z15 and IBM LinuxOne III Systems Driver Level D41C BSI-DSZ-CC-1133-2020 EAL 5 BSI 2020 HP YA 2600 CSEC2019013 EAL 3+ CSEC 2020 HP BBBC 2600 CSEC2018002 EAL 3+ CSEC 2020 Nexus Certificate Manager 8.0.0 Nexus OCSP Responder 6.0.2 CSEC2017002 EAL 4+ CSEC 2019 HP NAMS CSEC2017008 EAL 3+ CSEC 2019 F5 BIG-IP 14.1.0 for LTM+APM NDcPP CSEC2019004 EAL 1+ CSEC 2019 F5 BIG-IP 14.1.0 for LTM+AFM FWcPP CSEC2019003 EAL 1+ CSEC 2019 HP FCB HCDPP CSEC2019002 EAL 1+ CSEC 2019 HP GIF CSEC2017009 EAL 3+ CSEC 2019 IBM RACF for z/OS, V2R3 OCSI/CERT/ATS/09/2018/RC EAL 5+ OCSI 2019 Owl DualDiode CSEC2018006 EAL 4+ CSEC 2019 HP KB HCDPP CSEC2019001 EAL 1+ CSEC 2019 IBM Enterprise PKCS#11 (EP11) Firmware identifier ‘2b638e8e’ (4768) BSI-DSZ-CC-1094-2019 EAL 4 BSI 2019 IBM z/OS V2R3 OCSI/CERT/ATS/01/2018/RC EAL 4+ OCSI 2019 F5 BIG-IP 13.1.1 for LTM+APM NDcPP CSEC2017021 EAL 1+ CSEC 2019 F5 BIG-IP 13.1.1 for LTM+AFM FWcPP CSEC2017016 EAL 1+ CSEC 2019 HP YA HCDPP CSEC2018007 EAL 1+ CSEC 2019 HP Intrusion Detection CSEC2016006 EAL 2+ CSEC 2019 HP BBC HCDPP CSEC2018002 EAL 1+ CSEC 2019 PR/SM for IBM z14 and IMB LinuxONE Systems Driver Level D32L with Bundle Level S35 BSI-DSZ-CC-1101-2019 EAL 5+ BSI 2019 Apple iOS 12 CCEVS-VR-10937-2019 PP NIAP 2019 Oracle Linux 7.3 CSEC2017013 EAL 1+ CSEC 2019 Oracle Linux 7.3 OSPP CSEC2017014 N/A CSEC 2019 HP NAMS HCDPP CSEC2017012 EAL 1+ CSEC 2018 F5 BIG-IP 12.1.3.4 for LTM + APM NDcPP CSEC2017005 N/A CSEC 2018 F5 BIG-IP 12.1.3.4 for LTM + AFM FWcPP CSEC2017004 N/A CSEC 2018 HP GIF HCDPP v.1.0 CSEC2017011 EAL 1+ CSEC 2018 File Encryption Protection Profile CSEC2018001 EAL 3+ CSEC 2018 Ubuntu LTS 16.04.4 CSEC2016011 EAL 2+ CSEC 2018 Alcatel-Lucent Enterprise Omniswitch NDcPP CSEC2016007 EAL 1+ CSEC 2017 Blancco File Eraser 8.2 CSEC2017003 EAL 2+ CSEC 2017 Dencrypt Server System version 2.0 CSEC2016012 EAL 2+ CSEC 2017 Dencrypt Talk for the iPhone version 4.2.794 CSEC2016008 EAL 4+ CSEC 2017 Alcatel-Lucent Enterprise Omniswitch CSEC2016005 EAL 2+ CSEC 2016 Oracle Weblogic Server 12.1.3 CSEC2014011 EAL 2+ CSEC 2016 Sony Xperia™ X och Sony Xperia™ X Performance CSEC2016003 EAL 1+ CSEC 2016 Arbit Data Diode 2.0 CSEC2015011 EAL 5+ CSEC 2016 HP MFP M527, M577 & M586 CSEC 2015012 EAL 2+ CSEC 2015 HP M553, M506, M605, M606 CSEC2015002 EAL 2+ CSEC 2015 Logpoint 5.2.5 CSEC2014005 EAL 3+ CSEC 2015 Tutus Färist 4.0, Färist Micro 4.0 CSEC2013002 EAL 5+ CSEC 2015 HP Digital Sender Flow 8500 fn1 Document Capture Workstation CSEC2014009 EAL 2+ CSEC 2015 Blue Coat ProxySG S400 and S500 running SGOS v6.5 CSEC2014004 N/A CSEC 2014 HP MFP M680, M630, X585 CSEC2014003 EAL 2+ CSEC 2014 HP M651, M712, M750, M806, M855 & X555 CSEC2014002 EAL 2+ CSEC 2014 Stonesoft FW-VPN & IPS V5.5 CSEC2013003 EAL 4+ CSEC 2014 HP LaserJet MFP M525 etc. CSEC2014001 EAL 2+ CSEC 2014 HP MFP M4555 & CM4540 CSEC2012003 EAL 2+ CSEC 2013 Smart Card Reader KT2USB/BioSec Reader CSEC2011003 EAL 4+ CSEC 2013 SUSE Linux 11 SP2 on IBM System z BSI-DSZ-CC-0852-2013 EAL 4+ BSI 2013 SUSE Linux Enterprise Server 11 S2 including KVM virtualization BSI-DSZ-CC-0787-2013 EAL 4+ BSI 2012 Red Hat Enterprise Linux Version 6.2 on IBM Hardware BSI-DSZ-CC-0848-2012 EAL 4+ BSI 2012 Red Hat Enterprise Linux Version 6.2 with KVM BSI-DSZ-CC-0754-2012 EAL 4+ BSI 2012 IBM z/OS V1R13 BSI-DSZ-CC-0788-2012 EAL 4+ BSI 2012 IBM AIX 7 for POWER V7.1 BSI-DSZ-CC-0711-2012 EAL 4+ BSI 2012 IBM DB2 V9.1 for z/OS V1R10 BSI-DSZ-CC-0622-2012 EAL 4+ BSI 2012 Cloudshield CS-2000 with CPOS 3.0.3 CCEVS-VR-VID10321-2012 EAL 4+ NIAP 2012 Red Hat Enterprise Linux, Version 5.6 Virtualization with KVM BSI-DSZ-CC-0724-2012 EAL 4+ BSI 2012 IBM GSKIT 8.0.14 CCEVS-VR-VID10394-2011 EAL 4 NIAP 2012 IBM PR/SM for IBM z114 GA1 and z196 GA2 BSI-DSZ-CC-0793-2012 EAL 5+ BSI 2012 IBM RACF for z/OS, Version 1R12 BSI-DSZ-CC-0753-2012 EAL 5+ BSI 2012 StoneGate Firewall/VPN 5.2.5 CSEC2011001 EAL 4+ CSEC 2012 Oracle Database 11gR2 BSI-DSZ-CC-0766-2012 EAL 4+ BSI 2012 Oracle Database 11gR2 Standard Edition and Standard Edition 1, version 11.2.0.2 BSI-DSZ-CC-0765-2012 EAL 4+ BSI 2011 Red Hat JBoss Enterprise Application Platform 5 Version 5.1.0 and 5.1.1 BSI-DSZ-CC-0687-2011 EAL 4+ BSI 2011 IBM z/OS V1R12 BSI-DSZ-CC-0701-2011 EAL 4+ BSI 2011 Wind River Linux Secure 1.0 CCEVS-VR-VID10430-2011 EAL 4+ NIAP 2010 Oracle Enterprise Manager 10g Grid Control Release 5 BSI-DSZ-CC-0621-2010 EAL 4+ BSI 2010 IEEE Standard Protection Profile for Hardcopy Devices in IEEE Std 2600-2008, Operational Environment B, IEEE Std 2600.2-2009 BSI-CC-PP-0058-2010 EAL 2+ BSI 2010 IBM z/OS V1R11 BSI-DSZ-CC-0637-2010 EAL 4+ BSI 2010 Gefäßidentifikationssystem Gassner GWBIS 1.50 BSI-DSZ-CC-0546-2010 EAL 1+ BSI 2010 Operating System Protection Profile (OSPP)Version 2.0 BSI-CC-PP-0067-2010 EAL 4+ BSI 2010 Altair PBS Professional 10.1 BSI-DSZ-CC-0599-2010 EAL 3+ BSI 2010 Apple Mac OS X 10.6 BSI-DSZ-CC-0536-2010 EAL 3+ BSI 2009 Red Hat Enterprise Linux Ver. 5.3 on Dell 11G Family Servers CCEVS-VR-VID10338-2009 EAL 4+ NIAP 2009 Oracle Database 11gR1 Enterprise Edition/Database Vault BSI-DSZ-CC-0588-2009 EAL 4+ BSI 2009 Oracle Database 11gR1 Standard Edition/Label Security BSI-DSZ-CC-0578-2009 EAL 4+ BSI 2009 Oracle Database 11gR1 Standard Edition BSI-DSZ-CC-0578-2009 EAL 4+ BSI 2009 Oracle Database 11gR1 Enterprise Edition BSI-DSZ-CC-0577-2009 EAL 4+ BSI 2009 IBM z/OS V1R10 BSI-DSZ-CC-0534-2009 EAL 4+ BSI 2009 Microsoft Hyper-V BSI-DSZ-CC-0570-2009 EAL 4+ BSI 2009 IBM TIM 5 BSI-DSZ-CC-0556-2009 EAL 3+ BSI 2009 IBM TPM 5.1 BSI-DSZ-CC-0471-2009 EAL 3+ BSI 2009 Red Hat JBoss Enterprise Application Platform 4.3 BSI-DSZ-CC-0531-2009 EAL 2+ BSI 2009 IBM PR/SM z10 EC/BC BSI-DSZ-CC-0557-2009 EAL 5 BSI 2009 IBM TDS 6.2 BSI-DSZ-CC-0535-2009 EAL 4+ BSI 2009 Tutus Färist 2.5.2 CSEC2006001 EAL 4+ CSEC 2008 Cray UNICOS/lc 2.1 VID10217-0007-VR EAL 3+ NIAP 2008 IBM PR/SM z10 EC BSI-DSZ-CC-0460-2008 EAL 5 BSI 2008 Oracle Enterprise Linux 5 Update 1 BSI-DSZ-CC-0481-2008 EAL 4+ BSI 2008 IBM z/VM 5.3 BSI-DSZ-CC-0472-2008 EAL 4+ BSI 2008 IBM WMBV 6.0.0.3 BSI-DSZ-CC-0450-2008 EAL 4+ BSI 2008 IBM AIX 6 BSI-DSZ-CC-0461-2008 EAL 4+ BSI 2008 AppGate Security Server 8.0 BSI-DSZ-CC-0418-2008 EAL 2+ BSI 2008 IBM TDS 6.1 BSI-DSZ-CC-0428-2008 EAL 4+ BSI 2008 SGI RHEL 5.1 CCEVS-VR-VID10286-2008 EAL 4+ NIAP 2008 IBM z/OS V1R9 BSI-DSZ-CC-0459-2008 EAL 4+ BSI 2008 IBM DB2 BSI-DSZ-CC-0286-2008 EAL 3+ BSI 2008 Oracle Database 10g Release 2 BSI-DSZ-CC-0403-2008 EAL 4+ BSI 2008 Oracle Label Security 10g Release 2 BSI-DSZ-CC-0402-2008 EAL 4+ BSI 2008 PKIF V2.1 CCEVS-VR-VID10235-2008 EAL 4+ NIAP 2007 IBM SLES 10 CCEVS-VR-VID10271-2007 EAL 4 NIAP 2007 SUSE Linux 10 SP1 CCEVS-VR-VID10271-2007 EAL 4+ NIAP 2007 IBM GSKIT 7.0.4 CCEVS-VR-07-0039 EAL 4 NIAP 2007 Oracle Enterprise Linux 4 Update 5 BSI-DSZ-CC-0468-2007 EAL 4+ BSI 2007 Oracle Enterprise Linux 4 Update 4 BSI-DSZ-CC-0427-2007 EAL 4+ BSI 2007 HP RHEL5 CCEVS-VR-07-0054 EAL 4+ NIAP 2007 IBM RHEL5 CCEVS-VR-07-0037 EAL 4+ NIAP 2007 IBM z/OS V1R8 BSI-DSZ-CC-0377-2007 EAL 4+ BSI 2007 Océ SRA3 8.02 BSI-DSZ-CC-0369-2007 EAL 3+ BSI 2007 IBM TAMeb 6.0 BSI-DSZ-CC-0343-2007 EAL 3+ BSI 2007 Vanguard Enforcer 7.1 BSI-DSZ-CC-0364-2007 EAL 3+ BSI 2007 IBM TLCM v2.2 FP1 BSI-DSZ-CC-0388-2007 EAL 2+ BSI 2007 SGI RHEL 4 AS CCEVS-VR-07-0007 EAL 3+ NIAP 2007 IBM AIX 5.3 LSPP BSI-DSZ-CC-0396-2007 EAL 4+ BSI 2006 IBM AIX 5.3 CAPP BSI-DSZ-CC-0385-2006 EAL 4+ BSI 2006 Astaro (ASG) V6.1 BSI-DSZ-CC-0356-2006 EAL 2+ BSI 2006 IBM PR/SM LPAR BSI-DSZ-CC-0378-2006 EAL 5 BSI 2006 HP RHEL4 Update 2 CCEVS-VR-06-0020 EAL 3+ NIAP 2006 IBM AIX 5.2 LSPP BSI-DSZ-CC-0303-2006 EAL 4+ BSI 2006 IBM PR/SM z9 109 BSI-DSZ-CC-0324-2006 EAL 5 BSI 2006 IBM TAMOS 5.1 BSI-DSZ-CC-0305-2006 EAL 3+ BSI 2006 IBM z/OS V1R7 BSI-DSZ-CC-0304-2006 EAL 4+ BSI 2006 IBM TDS 6 FP1 IF5 BSI-DSZ-CC-0283-2006 EAL 4+ BSI 2006 IBM TIM 4.6 BSI-DSZ-CC-0237-2006 EAL 3+ BSI 2006 IBM RHEL4 Update 1 CCEVS-VR-06-0009 EAL 4+ NIAP 2005 IBM AIX 5.2I CAPP BSI-DSZ-CC-0302-2005 EAL 4+ BSI 2005 IBM z/VM 5.1 BSI-DSZ-CC-0258-2005 EAL 3+ BSI 2005 SGI SLES9 BSI-DSZ-CC-0292-2005 EAL 3+ BSI 2005 IBM TAMeb 5.1 BSI-DSZ-CC-0285-2005 EAL 3+ BSI 2005 IBM PR/SM z990/890 BSI-DSZ-CC-0279-2005 EAL 5 BSI 2005 IBM PR/SM z990/890 BSI-DSZ-CC-0278-2005 EAL 4 BSI 2005 IBM SLES9 BSI-DSZ-CC-0256-2005 EAL 4+ BSI 2005 IBM z/OS V1R6 BSI-DSZ-CC-0247-2005 EAL 3+ BSI 2004 HP RHEL3 WS BSI-DSZ-CC-0274-2004 EAL 3+ BSI 2004 HP RHEL3 AS BSI-DSZ-CC-0273-2004 EAL 3+ BSI 2004 HP SLES8 BSI-DSZ-CC-0270-2004 EAL 3+ BSI 2004 IBM RHEL3 WS BSI-DSZ-CC-0259-2004 EAL 3+ BSI 2004 IBM RHEL3 AS BSI-DSZ-CC-0257-2004 EAL 3+ BSI 2004 IBM PR/SM z990 BSI-DSZ-CC-0239-2004 EAL 5 BSI 2004 IBM PR/SM z990< BSI-DSZ-CC-0238-2004 EAL 4 BSI 2004 IBM TDS 5.2 BSI-DSZ-CC-0235-2004 EAL 3 BSI 2004 IBM LPAR BSI-DSZ-CC-0225-2003 EAL 4+ BSI 2004 SUSE Linux V8 BSI-DSZ-CC-0234-2004 EAL 3+ BSI 2003 IBM TAMeb 4.1 BSI-DSZ-CC-0222-2003 EAL 3+ BSI 2003 IBM AIX 5.2B BSI-DSZ-CC-0217-2003 EAL 4+ BSI 2003 IBM TDS 5.1 BSI-DSZ-CC-0207-2003 EAL 2 BSI 2003 SUSE Linux V8 BSI-DSZ-CC-0216-2003 EAL 2+ BSI 2002 IBM AIX 5.2 BSI-DSZ-CC-0194-2002 EAL 4+ BSI 2002 Tutus Färist 2.0.2 BSI-DSZ-CC-0182-2002 EAL 3 BSI th|Year Product name EAL Scheme Information li|BSI ( ) in Germany NIAP-CCEVS ( ) in the U.S. CSEC ( ) in Sweden OCSI ( ) in Italy h5|COMMON CRITERIA CERTIFICATIONS Legal pa|Security standards are important, but not necessarily easy to understand. Businesses that want to use those standards require trained employees. They should have a general understanding of security requirements as well as the requirements for their roles. Investing in the training of employees reduces the time required to prepare for certifications. atsec offers education and training in our offices or on-site for the following security topics: We also can provide custom training for your specific needs when required. Instead of classic training we also provide coaching for the following roles: In coaching engagements we support the role holder for a longer period of time and are available as consultants for typical day to day tasks. li|Common Criteria Informations Security Management Systems (ISMS) Virtualisation Cloud-Computing Cryptography, Digital Signatures and PKI FIPS 140-2 Secure Programming Chief Information Security Officer / Information Security Manager Data Protection Officer Internal security auditors h5|EDUCATION, TRAINING AND COACHING CONTACT: Legal h6|More Information: bo|Our Services pa|2021-02-22 atsec would like to congratulate ALE USA Inc. on a successful certification of Alcatel-Lucent Enterprise OmniSwitch with AOS 8.6.4.R11, according to Evaluation Assurance Level 2 (EAL2). The certificate was issued by the Swedish CC Scheme (CSEC) as of February 17th, 2021. The certification is recognized within CCRA. For more information, please visit our list of or the . h5|Alcatel-Lucent Enterprise OmniSwitch with AOS 8.6.4.R11 Common Criteria evaluation successfully certified Legal pa|atsec employees’ expertise is in demand: we are members of international boards, speakers on conferences, and authors of books and articles. Here are some examples of our reports and publications. td|cPP for Network Devices v1.0 [ ] Presentation Scott Chapman CC Scheme Differences 2013 [ ] White Paper Pattinson, Hake, Krummeck, Persson ISO’s Cryptographic Module Work [ ] White Paper Fiona Pattinson Experience with OSPP Evaluations [ ] 13th ICCC Gerald Krummeck IT Security Evaluation in China [ ] 13th ICCC Yi Mao Understanding Information Entropy [ ] White Paper Yi Mao Why and How to Get Cryptographic Modules FIPS Validated [ ] White Paper Yi Mao atsec Newsletter China 04/2012 [ ] Newsletter Various atsec Newsletter USA 04/2012 [ ] Newsletter Various Common Criteria and Packages [ ] White Paper Fiona Pattinson atsec Newsletter Germany 02/2011 [ ] Newsletter Various FRITSA: Do You Understand How all of your IT Security Assurance Efforts fit Together? [ ] ISSA Austin Fiona Pattinson atsec Newsletter China 12/2011 [ ] Newsletter Various From FIPS 140-2 to CC [ ] 12th ICCC Yi Mao Comparative Study Between the Chinese Standards and the Common Criteria [ ] 12th ICCC Mao, Chen, Liu Fighting the Bean Counters [ ] 12th ICCC Gerald Krummeck An Access Control Model for Applications on Mobile Devices using Common Criteria Certifications [ ] 12th ICCC Kurth, Huynh atsec Newsletter USA 10/2011 [ ] Newsletter Various atsec Newsletter China 09/2011 [ ] Newsletter Various InkaVote Plus Source Code Review [ ] Report Various Escrowed Data and the Digital Envelope [ ] Paper King Ables atsec Newsletter Germany 08/2011 [ ] Newsletter Various atsec Newsletter China 06/2011 [ ] Newsletter Various atsec Newsletter USA 07/2011 [ ] Newsletter Various InkaVote Plus Red Team Report [ ] Report Various atsec Newsletter Germany 04/2011 [ ] Newsletter Various Penetration Testing as an Auditing Tool [ ] ISACA Austin Meeting Jeremy Powell Payment Card Industry Assessments & Privacy [ ] IAPP Austin Fiona Pattinson atsec Newsletter USA 02/2011 [ ] Newsletter Various atsec Newsletter Germany 01/2011 [ ] Newsletter Various atsec Newsletter USA 12/2010 [ ] Newsletter Various atsec Newsletter China 11/2010 [ ] Newsletter Various Migrating to OSPP [ ] 11th ICCC Conference Krummeck, Penny, Robinson Improving the Flexibility and Applicability of Protection Profiles [ ] 11th ICCC Conference Helmut Kurth atsec Newsletter Germany 09/2010 [ ] Newsletter Various Untrusted Developers – Code Integrity in a Distributed Development Environment [ ] White Paper Cavness, Kurth, Mueller Are You Prepared to Successfully Pass a PCI-DSS and/or a FISMA Certification Assessment? [ ] SHARE Conference Fiona Pattinson Security Assurance: Contrasting FISMA and ISO/IEC 27001 [ ] White Paper Fiona Pattinson atsec Newsletter USA 02/2010 [ ] Newsletter Various Payment Card Industry Compliance For Large Computing Systems [ ] White Paper Various atsec Newsletter Germany 12/2009 [ ] Newsletter Various KVM Security Comparison [ ] White Paper Stephan Mueller Secure Network Zones [ ] ISSE 2009 Peter Wimmer Evidence based Evaluations Chances and Challenges [ ] 10th ICCC Helmut Kurth Trusting Virtual Trust [ ] 10th ICCC Jeremy Powell Taking White Hats to the Laundry: How to Strengthen Testing in CC [ ] 10th ICCC Apostol Vassilev An Attack Surface based Approach to Evaluation [ ] 10th ICCC Helmut Kurth atsec Newsletter Germany 08/2009 [ ] Newsletter Various Assurance in Implementation Correctness of Cryptographic Algorithms Gained Through the NIST Cryptographic Algorithm Validation Program [ ] White Paper Fiona Pattinson Heiter bis Wolkig [ ] iX – 5/2009 Stephan Mueller Common Criteria: National Validation Scheme Differences: CCEVS, CSEC and BSI [ ] White Paper Pattinson, Hake, Krummeck, Persson Introducing Assurance Measures for Security Target [ ] 9th ICCC, Korea Yi Mao Comparison of CC Functionality & FISMA 800-53 Controls [ ] White Paper Fiona Pattinson Operating System Evaluations – What security functionality is expected [ ] 8th ICCC, Rome Kurth, Farrel (IBM) How To Eat A Mammoth [ ] 8th ICCC, Rome Gerald Krummeck Economical Use of Formal Methods [ ] 8th ICCC, Rome Yi Mao Secure System Design [ ] 8th ICCC, Rome Fiona Pattinson CC in the Real World [ ] 8th ICCC, Rome Fiona Pattinson CC quick reference [ ] atsec document Fiona Pattinson Dumm gelaufen – Stromausfall am Wochenende [ ] Behoerdenspiegel, Germany atsec GmbH A quick quide to the Linux evaluations [ ] White Paper Mueller, Pattinson Certifying Information Security Management Systems [ ] White Paper Fiona Pattinson Wireless Intrusion Detection und Prevention Systeme – Ein Überblick [ ] BSI Kongress 2007, Bonn Matthias Hofherr Wireless Intrusion detection [ ] 14. DFN-CERT Workshop “Sicherheit in vernetzten Systemen” Matthias Hofherr How to Write Site Security Targets [ ] 7th ICCC Conference, Lanzarote Gerald Krummeck Applying the Draft CC Version 3.0 to Linux – Experience from a Trial Evaluation [ ] 7th ICCC Conference, Lanzarote Helmut Kurth Information Security Assurance – Why there’s no single solution [ ] Information Storage + Security Journal Fiona Pattinson th|Topic Event/ Medium Author/ Speaker h5|ARTICLES AND WHITE PAPERS Legal pa|atsec has always been heavily involved in shaping the future of emerging and established information security standards and practices. As a part of this we seek exchange with our peers in the information security field. Here is a selection of the organizations that atsec is associated with:is a member of the following organisations: h5|ATSEC MEMBERSHIPS AND ASSOCIATIONS Legal pa|2021-01-19 The GSMA (Global System for Mobile Communications) organization recognizes atsec’s ISO/IEC 17025 accreditation that now allows network product evaluations against NESAS Security Assurance Specifications (SCAS). The NESAS scheme is a collaboration and jointly led by 3GPP and the GSMA, and is open to all vendors of network equipment products that support 3GPP defined functions. NESAS has been developed to strengthen the level of security in 5G and LTE networks following established best practices and schemes that provide security assurance. NESAS defines security requirements and an assessment framework for secure product development and product lifecycle processes, as well as testing requirements using 3GPP defined security test cases for the security evaluation of network equipment. atsec is the first laboratory that can perform the security assessment of the development and product lifecycle processes, as well as also security evaluation of network equipment. For more information, please visit our portfolio or . h5|atsec is recognized as the NESAS Security Test Laboratory Legal pa|An effective and comprehensible management of risks is the basis for a successful commercial development for all enterprises. The protection of sensitive information is the basis for long-term trustworthy relationships with customers, partners and investors. Information Security Management Systems based on ISO 27001 provide an internationally accepted way to protect important data and business processes. atsec has successfully designed and implemented numerous ISMS for medium and large companies. Lean processes, intelligible guidelines and meaningful security measures ensure the efficiency of the atsec developed ISMS. This includes: To initialize an ISMS project we start with a readiness assessment. An experienced consultant analyses the current state on-site to get a good understanding of your current processes and measures. This provides a rating of your current compliance status. The result of the readiness assessment contains a plan for the implementation of a fully compliant ISMS as well as a sound estimation of efforts that shows the expected internal efforts as well as consulting efforts required for the implementation. li|Implementation and maintenance of ISMS based on ISO 27001. Development of a central management system that combines various management systems (ISMS, Quality Management System (QMS), Data Protection Management System (DPMS)) for maximum efficiency. Support in the selection and deployment of information security measures. Support of the integration of further requirements into the ISMS, for example PCI-DSS or SOX/Euro-SOX. h5|INFORMATION SECURITY MANAGEMENT SYSTEMS (ISMS) CONTACT: Legal h6|MORE INFORMATION: bo|Our Services pa|atsec AB atsec AB atsec AB h5|ATSEC CERTIFICATIONS AND ACCREDITATIONS Legal bo|Common Criteria Evaluation Laboratory ISO/IEC 27001 ISO9001 pa|The PCI services are offered through atsec China office, a subsidiary of atsec information security. If you are interested in the service for in depth description of the service. h5|PCI Security Assessments and Consulting Services CONTACT: Legal h6|AUTHORITATIVE WEBSITE: