Contact Sales:
sales@comodogroup.com
Telephone:
Tel: + 1.888.266.6361
Tel: + 1.206.203.6361
Comodo provides services which require the highest possible levels of trust and integrity. To meet such requirements Comodo has invested heavily in the providing both physical and logical security for the Certification Authority operations.
Comodo employs policies and practices that have been designed to meet or exceed the requirements of the AICPA/CICA WebTrust Program for Certification Authorities, ANS X9.79:2001 PKI Practices and Policy Framework, and other industry standards related to the operation of CAs. Comodo is currently undergoing WebTrust compliancy testing.
To date, Comodo have issued tens of thousands of validated SSL and secure email digital certificates through our secure Certification Authority operations. The advanced physical and logical security and validation practices and procedures ensure that all Comodo certificates are highly trusted.
Key elements of security and service integrity employed are detailed below. For further information on the Comodo operations are available in our Certification Practice Statement - available at the Comodo repository (www.comodo.com/repository).
Comodo securely generates and protects its own private key(s), using a trustworthy system (IBM 4758 accredited to FIPS PUB 140-1 level 4), and takes necessary physical and logical precautions to prevent the compromise or unauthorised usage of such devices. All digital certificates issued are issued using IBM 4758 hardware security modules.
With its dedicated team of R & D engineers, the Comodo Digital Trust Lab specializes in design and development of next generation Internet security solutions. Comodo collaborates with leading industry participants such as IBM, HP, Microsoft and Intel to implement a vision of security through invention and innovation. Core development areas include Certificate Services, ASIC design house and fabless semiconductor work, software development and design, infrastructural projects including the idAuthority (the world's only real-time identity assurance infrastructure), and cryptographic research and analysis.
Access to the secure part of Comodo facilities is limited through the
use of physical access control and is only accessible to appropriately
authorised individuals (known as Trusted Personnel). Card access systems
are in place to control, monitor and log access to all areas of the facility.
Access to the Comodo CA physical machinery within the secure facility
is protected with locked cabinets and logical access control.
The secure facilities are protected from fire and smoke damage (fire protection
is made in compliance with local fire regulations) and flood and water
damage
Comodo secure facilities have a primary and secondary power supply and
ensure continuous, uninterrupted access to electric power. Heating / air
ventilation systems are used to prevent overheating and to maintain a
suitable humidity level.
Comodo employ a redundant CA system to ensure uninterrupted service levels.
Comodo also utilise secondary server and operations sites.
If you would like further details on the Comodo secure facilities please contact legal@comodogroup.com.