Tripwire has demonstrated its ongoing commitment to meeting U.S. government and internationally recognized security standards by achieving the most current Common Criteria standards for its latest version of Tripwire IP360’s 9.0.1, specifying the certification as “Evaluation Assurance Level 2 augmented with Flaw Remediation” (EAL2+).
VM and SCM for Federal Agencies
Tripwire IP360 and Tripwire’s secure configuration management solution, Tripwire Enterprise, are among only 12 “Detection Devices and Systems” recognized globally as being Common Criteria certified. So what is Common Criteria, and why is this new recognition so significant?
What is Common Criteria?
Internationally recognized as the evaluation standard for IT security products, Common Criteria certifications provide independent assurance to government and commercial agencies that the products being purchased satisfy security requirements for information systems. Essentially, they’re there to make sure security products actually do what they claim to do.
The certification for Tripwire IP360 was issued by the Communications Security Establishment (CSE), the Government of Canada’s center for IT security expertise, advice and guidance, and a participant of the Common Criteria Recognition Arrangement (CCRA). The CCRA brings together 28 nations who agree to accept a unified approach to the evaluations of IT products and protection profiles for information assurance and security.
Common Criteria Evaluations
When the Common Criteria organization assesses the security of a product, they use a 1-7 scale to rank their evaluation assurance level (ELA). This number indicates how thoroughly and rigorously they tested the solution in question. A higher ELA doesn’t indicate a more secure product — only that more testing took place to verify that particular solution.
Testing takes place via licensed laboratories selected by the Common Criteria organization. Testing through certification bodies like Common Criteria helps reduce product research costs for agencies and provides a standardized, repeatable, independent verification process (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Megan Freshley. Read the original post at: https://www.tripwire.com/state-of-security/tripwire-news/tripwire-ip360-certified-common-criteria-certification-standards/