Kemp Technologies Blogs

LoadMaster Common Criteria Certification

Doug Barney | Posted on | Load Balancer

IT decision-makers and purchasing managers are constantly pressured to purchase the best solutions within the budgets available. The marketplace for IT solutions offers many choices that can be overwhelming at times. Trusted IT service providers and resellers can provide a filter to offer the best products to an organization, but most leaders making purchasing decisions like to have independent verification that the solutions they are considering will deliver what they need. 

A way to provide this reassurance is via trusted standards. One such standard that is international in scope and applicable to network cybersecurity solutions like Progress LoadMaster is the Common Criteria for Information Technology Security Evaluation standard — commonly known for simplicity as Common Criteria. LoadMaster was certified at the collaborative Protection Profile for Network Devices Version 2.2e in January 2023.

What is Common Criteria Certification?

Common Criteria is a set of international standards (primarily ISO/IEC 15408-1:2022 through 15408-5:2022) whose goal is to provide a formal set of requirements for the security functionality of IT products as well as assurance measures that provide a common evaluation framework. The evaluation results are intended to help organizations choose IT products that meet their security needs. 

Common Criteria and a companion standard called the Common Methodology for Information Technology Security Evaluation (CEM) form the technical underpinnings of an international agreement called the Common Criteria Recognition Arrangement (CCRA). Together these standards and international agreements ensure that:

  • Competent and independent licensed laboratories can evaluate products to determine whether they provide particular security properties, and the level they attain.
  • The certification of the security properties of any evaluated product can be issued by several Certificate Authorizing Schemes, with this certification based on the result of their evaluation.
  • Certificates that get issued in one jurisdiction are recognized by authorities in other CCRA member states.  

Full details are available on the Common Criteria portal website.

LoadMaster Attains Common Criteria Certification

As mentioned, LoadMaster was certified at the collaborative Protection Profile for Network Devices Version 2.2e in January 2023. 

LoadMaster Protection Profile certification shows that it provides the standard set of security requirements for a network security product as defined within the Common Criteria. You can read more about LoadMaster Common Criteria certification via https://support.kemptechnologies.com/hc/en-us/articles/13150584197005-LoadMaster-Common-Criteria-Conformance/. The official LoadMaster Common Criteria certificate can be viewed as a PDF at https://www.commoncriteriaportal.org/files/epfiles/st_vid11280-ci.pdf.

Configuring LoadMaster for Common Criteria Certification

A LoadMaster systems Admin needs to make a few configuration changes to enable the Protection Profile that Common Criteria certification requires. The setup requires setting a minimum password length, selecting, and setting security ciphers for several actions, configuring security remote logging, disabling SSH access, enabling OCSP Checking and Stapling, and a few other configuration changes — eleven in total. You can find the full details and a script to follow at https://support.kemptechnologies.com/hc/en-us/articles/10116001458445-Configuring-LoadMaster-for-Common-Criteria-Conformance.

Configuring LoadMaster to support Common Criteria is straightforward for a LoadMaster Admin. But the bottom line for IT leaders and decision-makers is that they can approve the purchase and deployment of LoadMaster in the knowledge that it is a Common Criteria certified solution.

Find Out More

Common Criteria certification is the latest in a long list of features and reasons why LoadMaster is the best choice for many organizations when deploying a solution to deliver enhanced application security, availability, and performance. Take our 30-day trial to see how easy it is to deploy, configure and manage a Common Criteria certified Load Balancer.

Visit the Virtual LoadMaster Free Trial page at https://kemptechnologies.com/vlm-download to test drive the world’s most popular virtual load balancer

 


Tags

Certification Common Criteria certification Load Balancer Load Balancing Security