Third Party Security Certifications

DBsign® has undergone rigorous testing and evaluation by independent third parties.

NIAP CCEVS Logo 150px

NIAP Common Criteria Validation. The Common Criteria is an internationally recognized set of security evaluation criteria that was developed by the National Security Agency (NSA). It replaces the older Trusted Computing Security Evaluation Criteria (TCSEC, aka, the “Rainbow Series”, or “Orange Book”). DoD directive 8500.1 mandates that all security products used in DoD be validated under the Common Criteria. DBsign® was the first and is still the only digital signature product to be NIAP Common Criteria Validated. DBsign® 4.0 is also the first and currently the only digital signature product to be validated against DoD's Protection Profile for Public Key Enabled Applications which outlines the security requirements for applications which use PKI technologies. DBsign's NIAP CCEVS validation information can be found on the NIAP CCEVS Validated Products website.

JITC Logo 150px

DoD Joint Interoperability Test Command PKE Interoperability Certification. DBsign® has been certified through JITC PKE interoperability validation multiple times, each time passing with zero defects. DoD JITC PKE certification ensures that DBsign® is fully interoperable with DoD's Public Key Infrastructure. A major component of JITC PKE testing is the NIST Public Key Infrastructure Test Suite (PKITS), which ensures that DBsign® correctly performs certificate path validation according to the relevant security standards. DBsign's JITC PKE Certification information can be found on the JITC PKE Validated Products website.

FIPS 140-2 Validated Logo 150px

FIPS 140-2 Validated Cryptography. DBsign®, itself, is not a cryptographic module and as such cannot be directly validated under the FIPS 140 specification. However, DBsign can use a variety of cryptographic modules which HAVE been FIPS 140 validated, and the use of FIPS 140 validated modules is a requirement of both NIAP CCEVS and JITC PKE evaluation. Such modules include:

(“FIPS 140-2 Inside”. "TM: A Certification Mark of NIST, which does not imply product endorsement by NIST, the U.S. or Canadian Governments")