Request an Evaluation

The first step in certifying your products is to complete and submit the form below.  Payment is required at the time of submission, and you must be prepared to provide access to the device(s) (for dynamic testing), as well as product documentation.  A Security Rating Service Agreement is also required and will be sent to you within 2 business days of your request submission.

We contact you to arrange any necessary logistics.  You are responsible for any product and documentation shipping costs, and any travel expenses associated with on-site evaluations.

Note that Dynamic evaluation criteria is a superset of Static evaluation and this may be reflected in the resulting Security Score and Security Rating.  Barring unforeseen delays, the evaluation process typically completes within 10 business days.  Allow additional time for us to return your equipment per your shipping arrangements.

Fields marked with an asterisk are required. 

Equipment and documents should be shipped to:

Affinity IT Security
1243 Sussex Turnpike, Suite #1
Randolph, NJ 07869
Attention: Security Evaluation Receiving

Client Reference: <<Required>>

Static evaluation relies on documentary evidence, whereas Dynamic evaluation relies on testing the product/device and includes Static evaluation as well. Shipment of product is required for Dynamic evaluation (shipping cost not included). For a full list of our evaluation criteria, visit our criteria page.
Shipping information for Dynamic Evaluations:
Affinity IT Security, LLC.
1243 Sussex Turnpike, Suite #1
Randolph, NJ 07869
This field contains your client reference number. Please retain this number for your records. If you have requested a Dynamic evaluation, please include this number in your shipping label.
In accepting this disclaimer, you acknowledge that:

The Affinity IT Security Certification process is a determination regarding which of the following criteria are satisfied by the product under evaluation.
The criteria used for version 1.0 of the process are standard and appear below.

Critical Criteria
1. Does the product require a login to access administrative features ?
2. Does the product enforce strong password requirements ?
3. Is it possible to easily update the product software ?
4. Does the product support automated software updates ?
5. Does the product validate and reject unacceptable inputs ?
6. Does the product support secure administrative access ?
7. Does the product fail safely ?

Important Criteria
8. Does the product feature anti-robot brute-force protection ?
9. Does the product support multi-factor authentication ?
10. Does the product allow administrative accounts to be created ?
11. Does the product allow the default administrative accounts to be removed/disabled ?
12. Does the product encrypt the information that it stores ?
13. Does the product encrypt its communications with other devices ?
14. Does the product authenticate other devices and components it interacts with ?
15. Does the product authenticate the update server ?
16. Does the product fully redact its make, model, and software version in non-admin comms ?
17. Does the product securely log access events ?

Valuable Criteria
18. Does the product verify downloaded software updates via digital signature ?
19. Does the product feature any DoS resistance features ?
20. Does the product resist physical tampering ?

Security Score
The security score is calculated by aggregating the sum of positive answers, weighted by category:
• Critical Criteria: 5 points
• Important Criteria: 2 points
• Valuable Criteria: 1 point
The resulting aggregate score is divided by the maximum possible score of 65, multiplied by 10, and rounded to the nearest integer, producing an integer score in the range of 0-10.

Security Rating
The Security Rating is based on the Security Score as follows:

Security Score
0 <= 4 Insecure
4 <= 7 Secure
7 <= 10 Highly Secure

The Security Score and Security Rating are based solely on the criteria listed, and Affinity IT Security is the sole arbiter of whether individual criteria are satisfied by a particular product.

Select an Evaluation Type