Hunguard Ltd., due to its successful work in recent years, boasts a high number of references and more than 20 years of expertise regarding the evaluation and certificating of software products. The evaluation of the products is performed by our company’s Evaluation Division as a laboratory accredited by the National Accreditation Board under registration number NAT-1-1578/2013, while the accredited Certification Division, completely independent regarding both operation and leadership, assumes responsibility for issuing the certificates.
Software quality
The most common type of software product evaluation is the evaluation of software quality (standard: ISO/IEC 25040), which evaluates the given solution according to factors well-known even in everyday life, namely functionality, reliability, efficiency, operability, security, compatibility, maintainability, and portability.
Security evaluation
One of the most significant areas of software evaluation related to general software quality is product evaluation from a security viewpoint. Our security evaluation is performed according to the MIBÉTS (Hungarian Information Technology Security Evaluation and Certification Scheme) methodology accepted in recommendation number 28 by the Council of Information Technology in the Public Sector (Közigazgatási Informatikai Bizottság, KIB). This is a naturalised version of the Common Criteria (CC) methodology, and equals the CC’s EAL2-EAL4 guarantee levels. The products evaluated from a security viewpoint have mainly been electronic signature solutions, but various other applications for which security is crucial have also been evaluated by us.
Regarding electronic signature products, we undertake the inspection of the following product groups:
- reliable systems (CA – certification authority, TSA – timestamp authority)
- signature creator applications
- smart card platforms with security
- digital archiving solutions
Training for international certifications
Cryptography
Evaluating the cryptographic security of software products is a special area of security evaluation. In the course of the evaluation of the cryptographic security of software products, the cryptographic solutions, generally based on standard algorithms, are inspected according to a methodology based on international standards and recommendations, taking the appropriateness of the implementation and the appropriateness of the key-management system (key generating) related to the algorithm into consideration.