 
 

Validation Authority - Third Party Verification and Open Standards

Tumbleweed is committed to obtaining and maintaining independent third-party verification and certification of the Validation Authority product line. Independent testing and certification labs look at products from various perspectives, depending on the nature of the certification. Each verification process takes significant time, resources, and perseverance to see through to completion. Third-party testing ensures that the VA products provide the highest level of security and that the implemented algorithms and protocols conform to their specifications. The Validation Authority has obtained more third-party verification and certification than any other PKI product, meaning customers can be confident that their investment in the VA product line will truly meet all of their security and trust requirements.

FIPS 201

FIPS 201 (Federal Information Processing Standards Publication 201) is a federal standard that specifies Personal Identity Verification requirements for Federal employees and contractors. It was developed to satisfy the technical requirements of HSPD 12.

FIPS 140-1

Federal Information Processing Standard 140-1 (FIPS 140-1) is a standard that describes the US Federal government requirements that IT products should meet for Sensitive but Unclassified (SBU) use. The standard was published by the National Institute of Standards and Technology (NIST), has been adopted by the Canadian government's Communication Security Establishment (CSE), and is likely to be adopted by the financial community through the American National Standards Institute (ANSI).

Common Criteria Evaluation

An international initiative by CSE (Canada), SCSSI (France), BSI (Germany), NLNCSA (Netherlands), CESG (UK), NIST (USA) and NSA (USA), the Common Criteria (CC) are used for evaluation of IT security within the international community. The CC presents requirements for the IT security of a product or system under the distinct categories of functional requirements (CC Part 2) and assurance requirements (CC Part 3). The CC functional requirements define desired security behavior. Assurance requirements are the basis for gaining confidence that the claimed security measures are effective and implemented correctly. The VA is being evaluated for compliance with the “Certificate Issuing and Management Components Family of Protection Profiles, Security Level 3” (http://www.niap.nist.gov/cc-scheme/pp/PP_CIMCPP_SL3_V1.0.html).

DOD DISA JITC Compliant

The Joint Interoperability Test Command (JITC) PKI Test Laboratory performs interoperability testing and certification for Public Key Enabled (PKE) products according to the Department of Defense (DOD) PKI requirements. The DOD PKI PMO established the JITC PKE Certification Lab as an independent testing capability to perform interoperability testing on PKE applications. It is DOD policy that enabled applications be tested to ensure interoperability and compatibility with the DOD PKI.

Entrust Ready

Entrust is a world-leading provider of Identity and Access Management solutions. Governments and global enterprises have deployed Entrust security software and services to help improve their productivity and return on investment within a framework of information security and privacy compliance.

Entrust TrustedPartners are recognized for their commitment to delivering increased value to Entrust customers. Tumbleweed has demonstrated interoperability between the Tumbleweed Validation Authority OCSP Responder and Entrust Authority Security Manager. Validation of Entrust enrolled client certificate credentials (in the context of signed email messages) via OCSP messages with the Tumbleweed Validation Authority is achieved with the help of the Tumbleweed Desktop Validator.

Federal Bridge Qualified

The Federal Bridge enables interoperability among Federal agencies with their own PKI through cross-certification with the Federal Bridge Certificate Authority. In order to validate digital certificates in the Federal Bridge environment, solutions must implement sophisticated path discovery and validation functionality to locate the correct certificate trust chain (Path Discovery) and determine the validity and status of these trust relationships. To ensure compatibility and interoperability of such solutions within the Federal Bridge environment, the National Institute of Standards and Technology (NIST) designed the Public Key Interoperability Test Suite (PKITS) and the Path Discovery Test Suite for use in evaluating and qualifying certificate validation solutions. Based on these test results, the Federal Public Key Infrastructure (PKI) Policy Authority’s Path Discovery and Validation (PD-Val) working group has qualified the Tumbleweed Validation Authority™ (VA) and Desktop Validator™ (DV) for Federal government agencies cross-certifying with the Federal Bridge.

IdenTrust

IdenTrust™ Inc. is a global leader in Trusted Identity solutions endorsed by global financial institutions, government agencies, and commercial entities in 160 countries. As the only government regulated, bank-endorsed identity company, IdenTrust provides a worldwide network of trusted credentials based on global standards. The IdenTrust™ Compliant program is a certification program designed to certify that products or services are in accordance with IdenTrust specifications and interoperability requirements.

 

Open Standards and Technologies


Additionally, Tumbleweed is committed to open standards and technologies because we believe the transparency and interoperability afforded by open standards and technologies mean maximum return on investment for our customers. Tumbleweed has actively participated in numerous standards bodies over the years. Tumbleweed co-authored the IETF Online Certificate Status Protocol (OCSP) specification. Tumbleweed also introduced an innovative Repeater-Responder architecture and published a specification for the distribution of OCSP response caches. The VA product line is based on widely adopted open standards and technologies, including the following.

  • Online Certificate Status Protocol (OCSP) (IETF RFC 2560)
  • Simple Certificate Validation Protocol (SCVP) (IETF Draft)
  • Certificate Revocation List (CRL) v2 and delta CRL revocation data (IETF RFC 3280)
  • Delegated Path Validation and Delegated Path Discovery Protocol (IETF RFC 3379)
  • Certificate Management Protocol (CMP) (IETF RFC 2510)
  • SSL 2.0, 3.0, TLS 1.0
  • X.509v3 digital certificate format
  • LDAP(S), FTP, HTTP(S) CRL retrieval
  • SNMP and HTTP administration
  • RSA PKCS#1, #7, #10, #11
  • RSA SHA-1 and MD5
  • Microsoft Cryptographic API (CAPI)

 
