These new Protection Profiles embody the requirements that are to be met by a specific technology type in Common Criteria evaluations. The Mobile Device Protection Profile (MDPP) contains the security functional requirements for mobile devices such as smartphones and tablets. The Mobile Device Management Protection Profile (MDMPP) includes the security functions to be evaluated including key protection, protected communications, mobile device configuration, and administration.
Cryptographic support functions are critical requirements in these new Protection Profiles, as anticipated. It is important to note that while many vendors pursue both Common Criteria certification and FIPS 140-2 validation, the latter does not automatically satisfy the former. The encryption requirements in these new Protection Profiles reflect certain standards imposed by NIST for FIPS 140-2, but they are not interchangeable.
We are proud to present a white paper explaining the cryptographic elements of these new Protection Profiles, available for immediate download. This paper also presents information on how CryptoComply, our drop-in module, addresses and meets each encryption requirement for the MDPP and MDMPP and discusses the benefits of leveraging the crypto module. CryptoComply integration is streamlined, designed to eliminate the several engineer-years it would take to build and implement these functions.
For SafeLogic customers who integrate CryptoComply, drop-in compliance is just the first advantage. RapidCert is a huge differentiator for those who seek FIPS 140-2 validation, while CryptoComply Professional Services brings SafeLogic’s expertise to the table, whether that entails custom software development, Common Criteria consulting, or something else altogether. Our goal is to make these processes as easy as possible.