As a leading provider of security IP, Rambus invests time and effort in certification, and we are pleased to announce that Rambus headquarters in San Jose, California has been Common Criteria certified by TÜV Rheinland. Read on to find out more about Common Criteria and the benefits this certification brings to Rambus security IP customers!
What is Common Criteria certification?
The Common Criteria for Information Technology Security Evaluation, known as Common Criteria or CC, is an international standard (ISO/IEC 15408) for computer security. Common Criteria provides an objective evaluation that validates whether a product or site satisfies a defined set of security requirements.
Common Criteria operates using Evaluation Assurance Levels or EAL ranging from EAL1 to EAL7. EAL4 to EAL7 are the highest levels of certification. However, it is important to keep in mind that a higher level of CC evaluation does not mean a higher level of security, only that a product or site went through more tests. The responsibility for final product certification remains with the manufacturer of a product.
Why is certification important?
As more and more of our daily activities take place online using devices that collect and exchange our most valuable personal data, we rely on products meeting high security standards.
Certification is a key part of security as it provides evidence that a product meets or has achieved compliance with specific standards developed, reviewed, and maintained by independent organizations.
Stuart Kincaid, Director Systems Architecture and Certifications at Rambus, recently gave a presentation at the Rambus Design Summit which highlighted the importance of certifying security solutions to meet the increasing demand for trust and the many benefits that certification brings to the entire ecosystem.
What were the results of the Rambus HQ Common Criteria evaluation?
Rambus headquarters in San Jose, California has successfully completed the Common Criteria Security evaluation as certified by TÜV Rheinland [link to PDF Rambus_HQ_Common_Criteria_Certificate.pdf]. The evaluation provides evidence that the site meets the EAL4+ assurance level for Life Cycle Support (ALC_CMC.4, ALC_CMS.4, ALC_DVS.2 at AVA_VAN.5 level, ALC_LCD.1, ALC_DEL.1, and ALC_TAT.1).
The Site Technical Audit Report (STAR) contains information necessary to an evaluation lab and certification body for the reuse of the site audit report in a Target of Evaluation (TOE) and demonstrates that Rambus develops, tests, and produces its hardware IP for use in secure IC hardware products.
How does this certification benefit Rambus security IP customers?
There are many customer benefits to the Rambus HQ CC certification. The fact that Rambus HQ is CC certified means that our customers do not need to separately audit the Rambus development facility. This saves valuable time during the product development process and greatly simplifies the certification process for their end products.