Acme, Inc. Static Evaluation Results

[Company Logo]

Evaluation Date: 1/1/2019

Evaluation Type: Static

Make: Acme

Model: ModelName

Version: 1.2.3

Evaluation ResultCertified Secure

Evaluation Breakdown

Critical Criteria

Criteria Yes / No
Does the product require a login to access administrative features ?
Does the product enforce strong password requirements ?
Is it possible to easily update the product software ? 
Does the product support automated software updates ?
Does the product validate and reject unacceptable inputs ? Not Tested
Does the product support secure administrative access ? 
Does the product fail safely ? Not Tested

Important Criteria

Criteria Points Earned
Does the product feature anti-robot brute-force protection ? Not Tested
Does the product support multi-factor authentication ?
Does the product allow administrative accounts to be created ?
Does the product allow the default administrative accounts to be removed/disabled ?
Does the product encrypt the information that it stores ?
Does the product encrypt its communications with other devices ?
Does the product authenticate other devices and components it interacts with ?   
Does the product authenticate the update server ?
Does the product fully redact its make, model, and software version in non-admin comms ?          Not Tested
Does the product securely log access events ?  Not Tested

Valuable Criteria

Criteria Points Earned
Does the product verify downloaded software updates via digital signature ?
Does the product feature any DoS resistance features ? Not Tested
Does the product resist physical tampering ? Not Tested

Final Security Rating: Certified Secure

About Affinity IT Security

Affinity IT Security is a security consulting firm that helps clients secure their networks, products, and software. We would welcome the opportunity to assist your security testing and conduct the security rating process for your products.

Contact us at info@affinity-it.com to discuss how we can add value to your development and marketing efforts as an independent security testing partner.