compliance

Utimaco Hardware Security Modules (HSMs) help address compliance and certification requirements

Complexity of security requirements calls for independent evaluations to prove compliance

Cyber security is an extremely complex domain, with demanding requirements from many different fields of application. Sophisticated products and services fulfill these requirements. Obviously, small companies and individual users of such solutions are often not able to verify their quality and level of security, and thus their compliance. Therefore, companies need independent third parties such as regulators and certification bodies to play a role. They work on technical, organizational and process requirements. In addition, they look at secure identification of users or devices, and the aspects of authenticity, integrity and data protection.

First, they analyze what is needed for specific applications. Second, laws, regulations and standards – whether national, international or industry-specific – set out very precise requirements businesses must comply with. Independent, third-party evaluation bodies subsequently evaluate products and services against these pre-defined requirements. Finally, evaluations and certifications ensure the products and services are of the highest quality and have the highest possible level of security.

HSMs help address compliance and certification requirements

Requirements often include mechanisms such as authentication, encryption, digital signing, or public key infrastructures. Together with these requirements, regulators either recommend or demand the use of HSMs. As a rule, HSMs provide the highest level of security to generate, store, manage and decommission cryptographic keys securely. And as such, in a majority of cases, HSMs can help achieve compliance with regulations and standards.

Utimaco HSMs excell during FIPS 140-2 and Common Criteria (CC) evaluations, proving they have the very highest security standards. The successful evaluation of Utimaco HSMs by independent certification bodies builds and strengthens trust in our products. Partners and customers can be certain that they are relying on the most secure HSM solutions of the highest quality.

We have been awarded various national and international certifications for all of our models:

CSe-Series:

• FIPS 140-2 Level 3, Physical Security Level 4
• PCI HSM
• DK, Zulassung Deutsche Kreditwirtschaft (certification by the German banking industry committee)
• German Technical Guideline BSI TR-03109, Certificate Policy of the Smart Metering PKI

Se-Series Gen2

• FIPS 140-2 Level 3
• Common Criteria acc. Protection Profile EN 419221-5, eIDAS security targets (evaluation in progress)

In addition, Utimaco HSMs are the most suited to meet numerous regulatory requirements across different industries and different countries.

Together with our partners, we address the compliance and certification areas below, among others.

Are your compliance or certification requirements not included in this selection?

Get in touch with us at hsm@utimaco.com or via the below contact form to discuss your requirements. We will jointly find a solution and partner(s) that can cater to your needs.