WinMagic’s SecureDoc Earns Common Criteria EAL 4 Certification

July 31, 2007; 02:36 AM

Mississauga, Ontario – WinMagic Inc. (www.winmagic.com), the innovative leader in full-disk encryption, is proud to announce that SecureDoc has earned Common Criteria Evaluation Assurance Level 4 (EAL 4) Certification.  The certification was performed by DOMUS IT Security Laboratory, a division of Nuvo, which is accredited to perform Common Criteria evaluations on behalf of the Communications Security Establishment.  The successfully-completed testing assures SecureDoc users and the WinMagic customer base, within and outside of the government sector, that SecureDoc has gone through a strenuous and rigorous testing process and conforms to IT security standards sanctioned by the International Standards Organization (ISO 15408).  In providing a broad range of evaluation criteria for many types of commercial and government-grade IT security products, EAL 4 is the highest level that is recognized in over 20 countries worldwide.

“We are extremely proud that WinMagic entrusted DOMUS to perform this important evaluation for the SecureDoc product,” said Phil Weaver, President and CEO of Nuvo.  “Our depth of experience allowed us to assist WinMagic throughout the process so that they could obtain successful certification in a timely manner,” continued Weaver.  “Common Criteria certification is a significant accomplishment due to the security and process assurance requirements imposed by the Common Criteria, and we are pleased that our experience with disk encryption technology has allowed us to help WinMagic achieve several key certifications, including FIPS 140-2, BITS and, now, Common Criteria.” 

With this certification, WinMagic can unequivocally state that SecureDoc implements the following Security Policies:

• Access Control:  Implements a set of rules that determines what kind of access an authenticated user has to a security-relevant object
  
• Identification and Authentication:  Requires a user to authenticate at pre-boot prior to any other actions involving encryption/decryption access of protected data
  
• Cryptographic Keys Management:  Denies access to cryptographic keys and encrypted data unless the user is successfully authenticated and has appropriate privileges
  
• Audit Security:  Tracks and saves security related transactions and saves them in a protected storage area. The audit log is restricted and can only be viewed by authorized users. The audit information provides a time stamp as to when the transaction was filed, and the event information of the transaction

The evaluation analysis activities involved a structured evaluation of SecureDoc, including the following areas: configuration management, secure delivery and operation, design documentation, guidance documents, life-cycle support, and vulnerability assessment per the Common Evaluation Methodology for Common Criteria version 2.3.

“We are pleased that our product SecureDoc has earned this prestigious certification, which provides assurance that SecureDoc meets the most stringent of requirements for government and enterprise customers,” said Thi Nguyen-Huu, CEO, WinMagic.  “This certification underscores WinMagic’s commitment to protect its customer investment in full-disk encryption by demonstrating a strategic and long-term dedication to the quality of our product development, to the quality of assurance, and to the quality of the formal documentation process.”

The Common Criteria is meant to be used as the basis for evaluation of security properties of IT products and systems.  By establishing such a Common Criteria base, the results of an IT security evaluation will be meaningful to a wider audience.  This announcement today underscores WinMagic’s commitment to the Common Criteria process and to open standards.  This milestone compliments the ongoing advances in software quality, robustness, and functionality ultimately benefiting organizations serious about security, not though obscurity.

Designed from the ground up to seamlessly integrate with all editions of Microsoft Windows Vista/XP/2000 at preboot, SecureDoc prevents unauthorized access to personal identifiable information and sensitive data resulting from lost notebooks, USB thumb drives, CD/DVDs, and USB flash drives.  Working at the pre-boot level, SecureDoc makes it simple to incorporate single- or multi-factor authentication through passwords, USB tokens, smart cards, biometrics, and PKI technology.  For a list of smart cards and readers supported by SecureDoc, visit http://www.winmagic.com/solutions/third-party-integration.html.

About WinMagic Inc.
WinMagic’s robust and innovative SecureDoc software provides the world’s most secure full-disk encryption. Easy to use, deploy, and manage, SecureDoc Enterprise Edition makes it simple to combine full-disk encryption with user authentication at pre-boot. Authentication is provisioned in a single- or multi-factor fashion including password, smart card, TPM, hardware token, PKI, and biometrics. SecureDoc protects data at rest for endpoint devices including desktops, notebooks, external USB drives, and CD/DVDs. WinMagic’s data at rest solution provides granular capabilities of end-user management at an enterprise level through integration with MS Active Directory, LDAP servers, or PKI. SecureDoc’s unparalleled robustness, operability, and performance allows for easy enterprise deployments offering centralized administration with remote installation, and password recovery. Headquartered in Mississauga, Canada, WinMagic operates in over 43 countries. For more information on products or services, please visit www.WinMagic.com, call 1-888-879-5879, or email [email protected].