The Common Criteria For The Common Good

For many organizations, evaluating the security of a particular product can be difficult.

Contact us to learn more.

For many organizations, evaluating the security of a particular product can be difficult. It’s enough work just to evaluate the functionality of a solution, let alone the security of the system. Validating the security of your proposed solution requires expertise, time and effort that most organizations can’t afford. And while you may be willing to take the vendor’s word on the security of their product, it’s always best to get an assessment from someone you trust.

Enter The Common Criteria. The Common Criteria was formed in 1999 from leading government security agencies around the globe, including the United States’ Department of Defense (DOD) Canada’s Communications Security Establishment (CSE) and the United Kingdom’s Communications-Electronics Security Group (CESG), in order to provide a globally recognized set of security criteria that vendors could certify their products against.

Before The Common Criteria was formed, vendors would have to certify their product according to each government’s particular scheme, which was cumbersome for many vendors to do and resulted in most not bothering to certify their products at all. With The Common Criteria, they’re able to certify their product with a testing lab in one country and have that certification be recognized by all other participating nations. And the certification requirements not only include the product, but also involve design documentation, design analysis, functional testing, and penetration testing. This makes for a more complete and involved certification that extends beyond the product into the vendor’s processes and procedures.

With 26 members, and seven of the eight G8 countries participating, The Common Criteria is one of the industry’s most recognized certifications. Having certified over 1850 products in the last 14 years, it’s also one of the largest certifying bodies specializing in security.

While initially proposed as a means to validate products for purchase within the government, The Common Criteria is now used by many organizations, including enterprise companies and higher education institutions in order to assess the security of a solution.

While there are some specialized security certifications, such as the Federal Information Processing Standards (FIPS) 140 series certification for cryptographic modules, there are little industry wide certifications that can be used to assess the security of a solution. In lieu of these standard certifications from the private sector, The Common Criteria has emerged as the certification of choice for enterprises because it certifies both the product and the processes behind how the vendor develops that product. Organizations can be assured that they’re not only purchasing the right solution, but also from the right vendor.

For global companies, it is even more attractive due to the participation from leading nations in 5 of the 6 inhabited continents. This global representation ensures that an organization is covered in many, if not all, of the countries where they may have a presence.

And for those private organizations that deal with the government and require some form of integration, The Common Criteria certification helps to ensure that the products they need to integrate will be accepted more easily.

Although developed with government intentions, The Common Criteria has emerged as a recognized standard by all and should be part of every security conscious organization’s checklist when evaluating products.

Read the BlueCat Press Release Read the Common Criteria Evaluation Report  

Critical conversations on critical infrastructure

Find out how your peers are managing their networks through profound change. Watch this series of live interactive discussions with IT pros & join the debate in Slack.

Join the conversation

Read more

Technical Know-How: Deploying DDNS with BlueCat

Dynamic DNS automatically updates DNS records when an IP address changes. Learn how to deploy DDNS on the BlueCat Address Manager and DNS/DHCP server.

Read more
To better see the threats on your network, try DNS

DNS is a vector used in most cyber attacks. When it comes to DNS, BlueCat can enhance visibility, detection, and containment of threats to your network.

Read more
The bigger the business, the more misguided the DDI

EMA research for BlueCat found an inverse relationship between commercial DDI use and business size, as well as more surprises about DDI adoption trends.

Read more
A Simple Replacement for Complicated GSLB

BlueCat’s Global Server Selector makes it easy to deliver highly available services and distributed applications, without increased network complexity.

Read more

Subscribe to our blog