Cogito Group is proud to announce that Cogito Jellyfish Certificate Authority Version 7.0 has achieved Common Criteria certification and is listed on the Common Criteria Certified Products List as Protection Profile compliant.

For government, Defence, critical infrastructure and regulated enterprise environments, this certification provides independent assurance that Jellyfish is engineered to support trusted digital identity, certificate lifecycle automation and high-assurance credential management.

Certification Summary

Product: Cogito Jellyfish Certificate Authority Version 7.0
Certification: Common Criteria certified
Compliance listing: Protection Profile compliant
Audit scope: PKI, Certificate Lifecycle Management and Token Management System capabilities
Relevant environments: Government, Defence, critical infrastructure and regulated enterprise sectors
Assurance focus: Trusted digital identity, certificate lifecycle automation, credential governance and high-assurance PKI operations

Why Common Criteria Certification Matters

Common Criteria is an internationally recognised framework for evaluating the security functionality of technology products.

For customers, procurement teams and security assessors, certification provides independent evidence that a product has been evaluated against defined security requirements.

That matters because PKI is foundational infrastructure.

Certificate authorities, registration workflows, certificate lifecycle automation and token management all need to be trusted, governed and protected. When these systems support high-assurance identity, credential and certificate services, independent evaluation helps strengthen confidence in the platform that sits at the centre of the digital trust environment.

The certification of Jellyfish Certificate Authority Version 7.0 reinforces confidence that Jellyfish can support environments where assurance, sovereignty, compliance and operational resilience are essential.

A Stronger Trust Layer for Zero Trust

Zero Trust depends on strong, verifiable digital identity.

Certificates, cryptographic keys and trusted credentials help organisations authenticate users, devices, systems, workloads and services before access is granted.

Jellyfish supports this by helping organisations establish and manage trust across the full certificate lifecycle, from issuance and renewal through to revocation, reporting, automation and governance.

With Jellyfish, organisations can strengthen:

• identity assurance
• certificate-based authentication
• secure machine-to-machine communication
• certificate lifecycle automation
• credential and token management
• policy-based access control
• operational visibility and reporting
• sovereign control of critical trust infrastructure

For Zero Trust programs, PKI is not simply a supporting technology. It is a core trust layer.

Built for High-Assurance Environments

Jellyfish is designed for organisations that need confidence in how digital identity and trust services are delivered, operated and governed.

This includes:

• government agencies
• Defence and national security environments
• critical infrastructure operators
• financial services organisations
• healthcare and education providers
• telecommunications providers
• regulated enterprises
• managed service providers delivering secure identity and PKI services

For these organisations, independent assurance is more than a compliance milestone. It supports procurement confidence, security governance, risk reduction and long-term operational trust.

Reduce Certificate Risk at Enterprise Scale

Certificate outages, expired certificates and unmanaged cryptographic assets can disrupt critical services.

As organisations expand cloud services, APIs, connected devices, remote access and machine identities, certificate lifecycle management becomes increasingly complex.

Jellyfish helps organisations manage this complexity by supporting controlled certificate operations, policy enforcement, lifecycle automation and reporting across high-trust environments.

Common Criteria certification adds an additional layer of assurance for customers that need independently evaluated security capabilities in the systems that manage their digital trust fabric.

Sovereign Capability for Trusted Digital Infrastructure

Cogito Group designs and delivers cyber security, PKI and digital identity capabilities for organisations that require strong assurance and control.

Jellyfish supports sovereign digital trust outcomes by helping customers manage critical PKI, certificates and credentials with security, resilience and governance at the centre of the platform.

For Australian and New Zealand customers, this is particularly important where data sovereignty, security-cleared operations, government assurance and local expertise are key requirements.