WinMagic’s SecureDoc Earns Common Criteria EAL 4 Certification

July 31, 2007; 08:38 PM

Mississauga, Ontario – WinMagic Inc. (www.winmagic.com), the innovative leader in full-disk encryption, is proud to announce that SecureDoc has earned Common Criteria Evaluation Assurance Level 4 (EAL 4) Certification.  The certification was performed by DOMUS IT Security Laboratory, a division of Nuvo, which is accredited to perform Common Criteria evaluations on behalf of the Communications Security Establishment.  The successfully-completed testing assures SecureDoc users and the WinMagic customer base, within and outside of the government sector, that SecureDoc has gone through a strenuous and rigorous testing process and conforms to IT security standards sanctioned by the International Standards Organization (ISO 15408).  In providing a broad range of evaluation criteria for many types of commercial and government-grade IT security products, EAL 4 is the highest level that is recognized in over 20 countries worldwide.
“We are extremely proud that WinMagic entrusted DOMUS to perform this important evaluation for the SecureDoc product,” said Phil Weaver, President and CEO of Nuvo.  “Our depth of experience allowed us to assist WinMagic throughout the process so that they could obtain successful certification in a timely manner,” continued Weaver.  “Common Criteria certification is a significant accomplishment due to the security and process assurance requirements imposed by the Common Criteria, and we are pleased that our experience with disk encryption technology has allowed us to help WinMagic achieve several key certifications, including FIPS 140-2, BITS and, now, Common Criteria.” 
With this certification, WinMagic can unequivocally state that SecureDoc implements the following Security Policies:

• Access Control:  Implements a set of rules that determines what kind of access an authenticated user has to a security-relevant object
  
• Identification and Authentication:  Requires a user to authenticate at pre-boot prior to any other actions involving encryption/decryption access of protected data
  
• Cryptographic Keys Management:  Denies access to cryptographic keys and encrypted data unless the user is successfully authenticated and has appropriate privileges
  
• Audit Security:  Tracks and saves security related transactions and saves them in a protected storage area. The audit log is restricted and can only be viewed by authorized users. The audit information provides a time stamp as to when the transaction was filed, and the event information of the transaction

The evaluation analysis activities involved a structured evaluation of SecureDoc, including the following areas: configuration management, secure delivery and operation, design documentation, guidance documents, life-cycle support, and vulnerability assessment per the Common Evaluation Methodology for Common Criteria version 2.3.

“We are pleased that our product SecureDoc has earned this prestigious certification, which provides assurance that SecureDoc meets the most stringent of requirements for government and enterprise customers,” said Thi Nguyen-Huu, CEO, WinMagic.  “This certification underscores WinMagic’s commitment to protect its customer investment in full-disk encryption by demonstrating a strategic and long-term dedication to the quality of our product development, to the quality of assurance, and to the quality of the formal documentation process.”

The Common Criteria is meant to be used as the basis for evaluation of security properties of IT products and systems.  By establishing such a Common Criteria base, the results of an IT security evaluation will be meaningful to a wider audience.  This announcement today underscores WinMagic’s commitment to the Common Criteria process and to open standards.  This milestone compliments the ongoing advances in software quality, robustness, and functionality ultimately benefiting organizations serious about security, not though obscurity.