2 minute read time

Standards Matter with First FPE Solution to Achieve Common Criteria

by   in Cybersecurity

Guest Post by Marcelo Delima, Data Security 

We have the pleasure to announce that Voltage SecureData Enterprise Common Criteria certification meets critical standards for GDPR and government requirements now for Format-preserving Encryption (FPE) – arguably the most important internationally-recognized certification for security products. Moreover, it's the first FPE solution to achieve the Common Criteria. The solution is now certified in all 28 nations that recognize Common Criteria, which include 8 of the 10 largest economies in the world and 15 EU member countries. 

cc2.pngCommon Criteria certification is critical for government customers who value high security assurance across the globe, and also provides a strong, credible validation for enterprise customers globally complying with legislation such as the General Data Protection Regulation (GDPR). While not mandated in the GDPR itself, having an independent seal of approval by a recognized authority is extremely important – auditors prefer certified solutions from recognized labs with international acceptance. 

For those unfamiliar, Common Criteria (CC) is an international set of guidelines and specifications developed for evaluating information security products, specifically to ensure they meet an agreed-upon security standard for government deployments. This framework provides confirmation that the development, evaluation and validation of an IT product has met specific security standards in accordance with an independent assessment accepted by the most security-conscious customers. Once a product is validated by a certified lab in one of the authorizing countries, all member countries recognize the certification. 

The certification of  Voltage SecureData Appliance (SDA) v6.4 and SecureData Simple API v5.10 at the Common Criteria EAL2 level once again demonstrates our commitment to meeting the highest levels of security accreditation. This rigorous evaluation process follows in the footsteps of the FIPS validation of SecureData, again a first for an FPE product, and the NIST standardization of FF1 Format-Preserving Encryption (FPE). Putting it all together, there is no product in the market that can come close to matching all the peer review, validation against standards, and Voltage patented innovations that prove the high trust assurance of Voltage SecureData security. 

This certification encompasses all SecureData solutions that leverage the SecureData appliance and simple APIs, including SecureData for Hadoop and IoT, SecureData Cloud, Securedata Payments and all deployments of SecureData Enterprise. SecureData is currently used by six of the top eight U.S. payment processors; nine of the top ten U.S. banks; and major global enterprises across the telecom, energy, finance, transportation, retail, insurance, high tech, public sector, and healthcare industries. Essentially any industry where sensitive data requires protection! 

With leading organizations demanding data-centric security, some questionable vendors have rushed to market with a range of proprietary solutions, including implementations of FPE which have verified weaknesses. It’s critical when determining your data protection and privacy strategy to choose a standards-based and fully-approved solution. 

Standards matter for reliable security and ongoing compliance audits, especially when complying with privacy and security regulations, such as the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), and emerging regulation including the GDPR and NY DFS cybersecurity regulations. This announcement is another example of why it is important to complete a peer review for independent validation of security assurance and prove your solution strength or be left wondering if the next risk security breach will be your organization’s next headache. Contact Micro Focus today to learn more!


Data Privacy and Protection