WebTrust Seal Assures Cybertrust’s Identity Management Customers That Systems Are Secure and Policies Governing Certificates are Followed

By | May 30, 2006

Cybertrust, the global information security specialist, today announced that the WebTrust audit for its Certification Authority (CA) services was successfully completed and has earned the AICPA/CICA WebTrust Certification Authorities Seal. This is the third year in a row Cybertrust has earned this Seal.

The American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants (AICPA/CICA) WebTrust Program for Certification Authorities criteria was developed to increase consumer confidence in the Internet as a vehicle for conducting e-commerce and to increase consumer confidence in the application of PKI technology. The WebTrust seal of assurance verifies that the assertions that Cybertrust makes in its Certificate Practice Statement around identity and business verification, digital certificate lifecycle management and business and privacy practices are maintained with the highest levels of integrity.

Cybertrust-stated vetting procedures have always been of the highest standards, with the domain name, requester and company verified for each certificate issued by Cybertrust. These standards are already in accordance with the new High Assurance SSL Certificates standards currently being defined by leading browser vendors, leading Certificate Authorities including Cybertrust, and independent standard bodies. These High Assurance SSL Certificates are designed to combat phishing attempts that SSL certificates issued by other Certification Authorities do not prevent, due to less stringent verification.

As a trusted third party, Deloitte provided Cybertrust with an objective review of its technology, business practices and controls relative to the WebTrust for Certification Authorities standards. These standards assure that subscriber and relying party information is properly authenticated and restricted to authorised individuals; the continuity of key and certificate life cycle management operations is maintained; and, the systems development, maintenance and operation of the certification authority are performed to maintain certification authority systems integrity.

“With phishing and pharming attempts on the rise and the increased sophistication of attacks which target consumers, Certificate Authorities´ assertions are very important in driving consumer confidence. The WebTrust for Certification Authorities is the industries´ de-facto standard to provide confidence that its certificates are issued only to properly registered entities,” said Chris Verdonck, Deloitte Enterprise Risk Services Partner. “We congratulate Cybertrust on its third consecutive accreditation, a clear sign to the industry that the Company is committed to maintaining the highest level of integrity in its security practices.”

“Having Cybertrust´s achieve the WebTrust Certification Authority standards showcases our commitment to assuring that client data is secure and protected in Cybertrust´s operations,” said Kerry Bailey, Cybertrust senior vice president of global services. “By auditing our practice to industry standards, our customers can have complete confidence that they are working with a trusted partner with the experience and expertise to align information security to their unique business needs.”

Combining authentication management, single sign-on, access control, user administration and resource provisioning functionality, Cybertrust identity management solutions help businesses and governments efficiently manage user identities across multiple systems and applications, with each solution tailored to customers´ unique business and security needs. Customers are provided with the tools to automate user account provisioning and workflow, and to create a comprehensive and efficient approach to managing identities and access to resources across enterprise systems.

Leave a Reply