DriveLock received Common Criteria EAL 3+ certification

Munich 07/04/2021 - DriveLock's Device Control and Application Control solutions received Common Criteria certification from the independent Swedish CSEC authority.

This EAL 3+ certification attests to the high trustworthiness of DriveLock Agent 2019.2. The Evaluation Assurance Level 3+, which is based on a specified set of configurations, not only confirms the high product quality - the DriveLock product was methodically tested and verified during the two year certification process. It also certifies the high quality of DriveLock's software development processes.

Important for public enterprises and critical infrastructure

The certification is recognized by the German Federal Office for Information Technology BSI, as well as government institutions, authorities and critical infrastructures, which are required to use certified security solutions. Thus, DriveLock once again confirms that its products meet the highest security requirements even in critical IT infrastructures with sensitive data. With the Level 3+, DriveLock is almost unique in the competitive comparison of similar providers.

DriveLock maintains the same high standards across its products in the development of its current  versions as version 2019.2 SP1, which is the certified version. This is proven by DriveLock's continuous development of its "DiskEncrypt", the encryption software which is approved by the BSI for VS-NFD/NATO RESTRICTED workstations.

Common Criteria attest to trustworthiness and functional scope

The Common Criteria (CC) for International Security are an internationally recognised standard that can be used to evaluate and test the security of IT products according to general criteria. The scope of functions and the trustworthiness of the products are examined. 

Content of the evaluation

The object of evaluation (TOE = target of evalution) was the DriveLock Agent 2019.2 software (Device Control and Application Control), Service Pack 1 and the associated documentation. In detail, the application and device control software for use on workstation PCs with a Windows 10 (64bit) operating system was examined. Their main functions are:

• Blocking unwanted devices, preventing unwanted data import or export and possible system compromise by malicious devices.
• Blocking the execution of unwanted applications, preventing system degradation and other undesirable effects that could be caused by these applications.
• Auditing events that trigger the above-mentioned security functions.
  
  

The evaluation facility

The evaluation was performed by atsec information security AB in Danderyd, Sweden, in accordance with the requirements of Common Criteria (CC), version. 3.1 release 5.

Atsec information security AB is a licensed evaluation facility for Common Criteria under the Swedish Common Criteria Evaluation and Certification Scheme. Atsec information security AB is also accredited by the Swedish Accreditation Body to ISO/IEC 17025 for Common Criteria.

The certificate and report can be viewed on the FMV website.