Verdasys Digital Guardian meets government standards for common criteria security certification


Verdasys, provider of Enterprise Information Protection (EIP) solutions, announced Thursday its Digital Guardian v6.0.1 data loss prevention (DLP) platform has completed EAL2+ evaluation under the Communications Security Establishment Canada’s (CSEC) Common Criteria Evaluation and Certification Scheme. Active participation in IT government security validations such as Common Criteria signifies Verdasys’ commitment to providing customers with security products and services that meet the strict criteria for evaluation standards within the international community.

Verdasys’ approach to EIP combines protection against insider threat and cyber attacks with regulatory compliance in a unified and integrated third-generation (DLP 3.0) solution based on its Digital Guardian platform, recognized as a Leader in Gartner’s 2011 Magic Quadrant for Content-Aware DLP. This scalable platform provides multiple, independent layers of protection to enable secure data sharing across physical, virtual, mobile and cloud environments.

Now launching in the U.S. and Europe as the first Managed Service for Information Protection (MSIP), the Verdasys integrated technology framework incorporates network, desktop and server agents to identify, audit and control data risks throughout the business process.

To facilitate prompt completion of the Common Criteria certification, Verdasys partnered with Corsec Security Inc., a consulting, documentation and project management services firm with over fourteen years of experience in security certifications. “Verdasys’ pursuit and achievement of an EAL2+ Common Criteria certification demonstrates their focus and determination to provide their customers with a high-level of security,” said Matthew Appler, CEO of Corsec Security. “It was apparent from the start this was their prime objective and we’re glad to have been able to help them achieve it and reach their certification goals.”

Common Criteria is an internationally recognized set of guidelines (ISO 15408), which define a common framework for evaluating security features and capabilities of Information Technology security products. The standard consists of several predetermined evaluation assurance levels, each one more stringent than the last. Common Criteria allows vendors to have their products tested against a chosen level by an independent third-party testing laboratory.

The Common Criteria Mutual Recognition Agreement (CCRA) is a pact which was designed to allow all evaluations up to an evaluation assurance level (EAL) 4, to be recognized by all participating countries, regardless of where the evaluation was completed. There are currently 26 countries involved in the CCRA, including the United States and Canadian governments, with others that follow unofficially such as the EU.

According to Verdasys CEO Jim Ricotta, "With the growing number and complexity of data threats from all directions, Common Criteria certification is an important part in ensuring the highest standards for security software. The worldwide community understands Common Criteria as a benchmark for customer confidence, and certification is an important validation of the business value that our Digital Guardian platform brings to mid-sized companies and large enterprises."

Leave a Reply

WWPI – Covering the best in IT since 1980