How Do We Evaluate Your Products ?

Affinity IT Security Labs is an independent laboratory that evaluates network connectable products and certifies them in regard to the following specific categories and binary criteria. Static evaluation relies on documentary evidence, whereas Dynamic evaluation also includes active testing. 

The following 20 criteria make up version 1.0 of the Security Evaluation Criteria.  Officially, the Security Evaluation Criteria are subject to change without notice.  However, Affinity IT Security Labs pledges to make every reasonable effort to communicate significant impending changes to the criteria to our customers.

Critical Criteria

Does the product require a login to access administrative features ? Static
Does the product enforce strong password requirements ?  Static
Is it possible to easily update the product software ? Static
Does the product support automated software updates ? Static
Does the product validate and reject unacceptable inputs ?         Dynamic
Does the product support secure administrative access ?  Static
Does the product fail safely ? Dynamic

Important Criteria

Does the product feature anti-robot brute-force protection ? Dynamic
Does the product support multi-factor authentication ? Static
Does the product allow administrative accounts to be created ? Static
Does the product allow the default administrative accounts to be removed/disabled ? Static
Does the product encrypt the information that it stores ? Static
Does the product encrypt its communications with other devices ? Static
Does the product authenticate other devices and components it interacts with ? Static
Does the product authenticate the update server ? Static
Does the product fully redact its make, model, and software version in non-admin communications ?   Dynamic
Does the product securely log access events ?   Dynamic

Valuable Criteria

Does the product verify downloaded software updates via digital signature ?      Static
Does the product feature any DoS resistance features ? Dynamic
Does the product resist physical tampering ? Dynamic

Security Score

The security score is calculated by aggregating the sum of positive answers, weighted by category:

  • Critical Criteria: 5 points
  • Important Criteria: 2 points
  • Valuable Criteria: 1 point

The resulting aggregate score is divided by the maximum possible score of 65, multiplied by 10, and rounded to the nearest integer, producing an integer score in the range of 0 – 10.

Security Rating

The Security Rating is based on the Security Score as follows:

Security Score Rating
0 <= 4 Insecure
4 <= 7 Secure
7 <= 10 Highly Secure

Ready to request an evaluation ?

For more information on our security certification or to request an evaluation, please complete our request form or call us at 800.840.2335.