Common Criteria Certificate for SimplySign Authentication Module

Asseco Data Systems SA has received a prestigious security certificate

Asseco Data Systems SA (ADS) provides trust services as well as digital solutions for businesses and public administration in line with the paperless concept. One of the flagship products of Asseco Data Systems is SimplySign, a mobile application that allows remote signing of electronic documents using a qualified electronic signature. To ensure the highest level of security and trust for its customers, Asseco Data Systems subjected the SimplySign Authentication Module (Signature Activation Module – SAM) to a rigorous evaluation in accordance with international Common Criteria standards.

Common Criteria (CC) is a standard that defines requirements and evaluation methods for the security of IT products. The CC certificate is recognized worldwide and testifies to the high quality and reliability of the product. SAM is the first and only IT product in Poland to receive a CC certificate at the EAL4 assurance level with an AVA_VAN.5 component extension, indicating that it is resistant to advanced hacker attacks. SAM also meets the security profile requirements contained in the European standard EN 419241-2: Trustworthy Systems Supporting Server Signing – Part 2: Protection Profile for QSCD for Server Signing, February 2019, meaning it complies with the requirements of the EU eIDAS regulation regarding trust services.

It is worth noting that thanks to the received certificate, we have also achieved a standard compliant with eIDAS 2 – the new regulation governing trust services in the European Union. The Common Criteria certificate for the qualified electronic signature module confirms that the highest security and compliance requirements with future law have been met. It is a guarantee of quality for our customers. This is one of the few, and certainly the first Polish certificate for this type of solution – so far only four companies in the world have obtained similar certifications. This is evidence of Polish technological concepts and Polish certification standards being recognized worldwide.

The SAM security evaluation was conducted by the Accredited Security Evaluation Laboratory at the Institute of Telecommunications – State Research Institute (IŁ-PIB). This institution is the only accredited laboratory in Poland that can conduct penetration tests with the highest attack potential specified in CC by the AVA_VAN.5 component. As a result of the successful evaluation, the accredited certification body, located in NASK-PIB, issued a certificate confirming compliance with the security profile and the CC standard.

Marcin Szulga, Director of the R&D Division at ADS, stated: “We are very proud to be the first in Poland and one of the few in the world to receive such a prestigious certificate for our SimplySign authentication module. This is a confirmation not only of our innovation and technological advancement but also of our commitment to providing the highest level of security and customer satisfaction. The CC certificate is both an achievement and a motivation for us to further develop our trust services, which are an indispensable element of the digital transformation of the modern world.”

The certificate can be found here: https://www.nask.pl/ftp/zdjecia_glowna/NASK_2PC1AC2232024-signed.pdf

Achieving the CC certificate for SAM is proof of the unique global competence and experience of the ADS team that developed this product. This team consists of specialized programmers, analysts, testers, and consultants. They continuously work on improving and developing SimplySign to ensure the highest quality and functionality of the mobile electronic signature service. SimplySign is currently one of the most popular and advanced electronic signature applications on the Polish market, allowing document signing from any device and anywhere, without the need for a card reader or physical card.

More information about SimplySign: https://www.certum.eu/en/simplysign/