nCipher, Red Hat secure Common Criteria standard for Red Hat Certificate System using nShield hardware security modules

nCipher Security, an Entrust Datacard company and provider of trust, integrity and control for business-critical information and applications, announced Thursday that Red Hat achieved Common Criteria validation for its Red Hat Certificate System using nCipher nShield hardware security modules (HSMs).

The international Common Criteria (CC) standard was developed to unify and supersede national IT security certification schemes from different countries, including the US, Canada, Germany, UK, France, Australia, and New Zealand. Common Criteria certified solutions are required by governments and enterprises around the globe to protect their mission-critical infrastructures.

The Red Hat Certificate System is a public key infrastructure (PKI) used by some of the world’s largest organizations to manage user identities and help keep communications private. 

PKIs are the hardware, software, policies, procedures and processes that issue and manage digital credentials across enterprise systems. PKIs are underpinned by a Certificate Authority (CA), a core component responsible for establishing a hierarchical chain of trust. Consequently, they are often the focus of sophisticated, targeted attacks.

To obtain its Common Criteria certification, Red Hat was required to protect the critical root CA keys with FIPS 140-2 Level 3 certified hardware – the industry benchmark in cryptographic security. A long-standing nCipher partner, Red Hat used the nShield HSM to meet this requirement and provide a root of trust.

The new certified system offers joint customers a root of trust for the protection of cryptographic signing keys underpinning the Red Hat Certificate System. As customers embrace new digital initiatives such as the Internet of Things (IoT), PKIs are being deployed to support the increasing volume of digital certificates needed to validate the identities of devices and applications.

“The use of nCipher nShield HSMs is a best practice to provide a root of trust for business-critical applications, facilitating customer compliance with ever stricter data security and privacy regulations,” said John Grimm, senior director of strategy and business development, nCipher Security. “According to the 2019 Global Encryption Trends Study, the use of HSMs grew at a record year-on-year level, from 41% in 2018 to 47%, indicating a requirement for a hardened, tamper-resistant environment with higher levels of trust, integrity and control for both data and applications. In its ongoing collaboration with nCipher, Red Hat continues to proactively address customer security needs in both enterprise and cloud environments.”

“We’re pleased to have worked with nCipher Security to achieve Common Criteria certification for Red Hat Certificate System 9.4,” said Amy Farley, product manager, Identity Management, Red Hat. “nCipher nShield HSMs helped us to more effectively meet the required levels of IT security for sensitive and classified environments as we pursued the certification.”

Earlier this year, nCipher announced that its nShield HSMs support Red Hat’s integration of the OpenStack Key Management System, derived from the community project Barbican. This facilitates more secure storage, transport and management of secrets and keys used by applications deployed on the Red Hat OpenStack Platform. 

Collaborating together, nCipher and Red Hat give customers the ability to more effectively adopt an enhanced cloud security strategy. nShield HSMs already integrate with Red Hat Certificate System, a scalable platform for public key infrastructure.

The integration of nShield HSMs with the OpenStack Key Management System delivers uniform control and scalability, enabling sensitive key material to be safeguarded within a secure boundary. 

nShield Connect HSMs also provide a FIPS 140-2 Level 3 and Common Criteria EAL 4+ root of trust for Red Hat OpenStack Platform, and perform critical operations such as key generation, lifecycle management and revocation. With these certifications, customers can use this solution to meet or exceed several regulatory baselines, including FedRAMP High, FISMA and ANSSI.

IoT Innovator Newsletter

Get the latest updates and industry news in your inbox! Enter your email address and name below to be the first to know.