RSA Identity Governance and Lifecycle Receives Common Criteria Certification

Common Criteria certification demonstrates that RSA Identity Governance and Lifecycle meets rigorous, pre-defined regulatory requirements.


  • RSA® Identity Governance and Lifecycle 7.0 (inclusive of applicable service packs) receives Federal certification
  • Gives government and private sector customers assurances that product meets rigorous, pre-defined regulatory requirements

BEDFORD, MA – July 5, 2017 — RSA, a Dell Technologies business, announced that it has received the Common Criteria certification for RSA Identity Governance and Lifecycle 7.0 as outlined in the National Information Assurance Partnership (NIAP) and Protection Profile for Enterprise Security Management – Policy Management. Certification is designed to validate product development processes, documentation, product testing and security of the product. RSA Identity Governance and Lifecycle is compliant to the Protection Profile for Enterprise Security Management - Identity and Credential Management Version 2.1.

RSA Identity Governance and Lifecycle is designed to provide organizations with the ability to act with insight to reduce identity-based risks and drive informed security decisions. The solution is created to simplify how access is governed and streamlines access requests and fulfillment to deliver continuous compliance assurance by automating the management of user entitlements throughout the user's lifecycle.

"Knowing who has access to data and applications, how they received that access and having an audit trail to prove it is appropriate access is critical to ensuring organizations are managing their identity risks – especially in today's constantly changing technical landscape," said Jim Ducharme, Vice President, Identity Products, RSA. "This Common Criteria designation gives public- and private-sector customers a higher level of confidence in RSA Identity Governance and Lifecycle's ability to help them both mitigate identity risk and control access to their critical applications and information assets."

Common Criteria is a technically demanding, internationally recognized security certification required by the U.S. and 27 national governments worldwide for departments and agencies seeking to procure commercial products. Common Criteria certification provides assurance that the process of specification, implementation and evaluation of technology products has been conducted in a rigorous, standard, and repeatable manner. It involves in-depth evaluation, documentation, and testing against exacting standards to ensure products meet established minimums for functionality, information assurance, audit management, as well as mandates for access enforcement and cryptographic capabilities required by the U.S. federal government, global public sector organizations, critical infrastructure, and private industry.

NIAP is responsible for U.S. implementation of the Common Criteria and manages a national program for developing Protection Profiles, evaluation methodologies, and policies that will ensure achievable, repeatable, and testable requirements.

The evaluation was performed by Leidos' Common Criteria Testing Laboratory within its Commercial Cybersecurity practice. Leidos is one of the top evaluation and testing laboratories approved by the NIAP to conduct testing and evaluation for Common Criteria and other certifications critical to U.S. government customers.



RSA offers Business-Driven Security™ solutions that uniquely link business context with security incidents to help organizations manage risk and protect what matters most. RSA solutions are designed to effectively detect and respond to advanced attacks; manage user identities and access; and, reduce business risk, fraud, and cybercrime. RSA protects millions of users around the world, and helps 90% of the Fortune 500 companies thrive in an uncertain, high risk world. For more information, go to

Dell, EMC, RSA, and Business-Driven Security and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property of their respective owners.