Affinity IT Security Labs is an independent laboratory that evaluates network-connectable products and certifies them against the following specific categories and binary criteria. Static evaluation relies on documentary evidence, whereas Dynamic evaluation also includes active testing.
The following 20 criteria make up version 1.0 of the Security Evaluation Criteria. Officially, the Security Evaluation Criteria are subject to change without notice. However, Affinity IT Security Labs pledges to make every reasonable effort to communicate significant impending changes to the criteria to our customers.
|Criterion||Evaluation|
|Does the product require a login to access administrative features?||Static|
|Does the product enforce strong password requirements?||Static|
|Is it possible to easily update the product software?||Static|
|Does the product support automated software updates?||Static|
|Does the product validate and reject unacceptable inputs?||Dynamic|
|Does the product support secure administrative access?||Static|
|Does the product fail safely?||Dynamic|
|Does the product feature anti-robot brute-force protection?||Dynamic|
|Does the product support multi-factor authentication?||Static|
|Does the product allow administrative accounts to be created?||Static|
|Does the product allow the default administrative accounts to be removed/disabled?||Static|
|Does the product encrypt the information that it stores?||Static|
|Does the product encrypt its communications with other devices?||Static|
|Does the product authenticate other devices and components it interacts with?||Static|
|Does the product authenticate the update server?||Static|
|Does the product fully redact its make, model, and software version in non-admin communications?||Dynamic|
|Does the product securely log access events?||Dynamic|
|Does the product verify downloaded software updates via digital signature?||Static|
|Does the product feature any DoS resistance features?||Dynamic|
|Does the product resist physical tampering?||Dynamic|
The Security Score is calculated as the sum of positive answers, weighted by category:
- Critical Criteria: 5 points
- Important Criteria: 2 points
- Valuable Criteria: 1 point
The resulting aggregate score is divided by the maximum possible score of 65, multiplied by 10, and rounded to the nearest integer, producing an integer score in the range of 0 – 10.
The Security Rating is based on the Security Score as follows:
|0 <= 4||Insecure|
|4 <= 7||Secure|
|7 <= 10||Highly Secure|
Ready to request an evaluation?
For more information on our security certification or to request an evaluation, please complete our request form or call us at 800.840.2335.