|[January 17, 2013]
AccessData Group Achieves Common Criteria Certification for Cyber Intelligence and Response Technology (CIRT)
LINDON, Utah --(Business Wire)--
In a welcome announcement for the new year; AccessData's
CIRT v.2.1.2 has received certification from Common
Criteria, an internationally recognized standard for computer
security certification, with an Evaluation Assurance Level (EAL) of 3+.
Common Criteria provides a set of standards used by the federal
government and other organizations to assess the security and assurance
of technology products. Common Criteria implements and evaluates
solutions, employing rigorous and consistent methodologies, to validate
and rate their levels of security assurance. Common Criteria is the
driving force for the widest available mutual recognition of secure and
trusted IT products.
AccessData chose to invest in the certification to ensure CIRT is
endorsed against internationally sanctioned and rigorous security
standards. CIRT is the first and only product to integrate network and
host forensics, malware analysis, large-scale data auditing and
remediation capabilities. The solution delivers the functionality of AccessData's
SilentRunner network forensics solution, AD
eDiscovery and AD
Enterprise products through a single collaborative interface. Common
Criteria has bestowed this certification upon CIRT for its data
protection technology, including its ability to provide network
surveillance (also, its ability to detect data spillage, and its ability
to perform integrated root cause analysis in the event of a security
breach). The core technology certified through Common Criteria exists in
many of AccessData's solutions.
This certification ensures the product was methodically tested and
checked at an independent lab where a vulnerability analysis
demonstrated resistance to penetration attackers. The lab found that
CIRT v2.1.2 provides the means to identify and manage inappropriate data
hosted on corporate end user workstations, file shares, and email
message servers. It offers protection against attempts to breach system
security by attackers. The lab gave CIRT its highest rating of all
products it is currently testing. The EAL score of 3+ is recognized by
all countries participating in the Common
Criteria Recognition Arrangement (CCRA).
The evaluators determined that the initialization process is secure and
that the security functions are protected against tamper and bypass.
User guides were found to be sufficiently descriptive on how to use and
administer CIRT, resulting in a secure configuration. The evaluators
found that the CIRT v2.1.2 configuration items were clearly marked and
the access control measures were effective in preventing unauthorized
access to configuration items. AccessData's configuration management
system was also observed during the site visit, and it was found to be
mature and well-developed. Evaluators also examined the development
security procedures and determined that they detailed sufficient
security measures to protect the confidentiality and integrity of the
CIRT v2.1.2 design and implementation. Common Criteria noted that
AccessData maintains a high-level of end user support for the product.
This independent penetration testing did not uncover any exploitable
vulnerabilities in the intended operating environment.
CIRT v2.1.2 was subjected to a comprehensive suite of formally
documented, independent functional and penetration tests. The testing
took place at the Information Technology Security Evaluation and Test
(ITSET) Facility at EWA-Canada. The CCS Certification Body witnessed a
portion of the independent testing. The developer's tests and the
independent functional tests yielded the expected results, giving
assurance that CIRT v2.1.2 is a trusted product that provides the
security desired by the most demanding organizations.
AccessData will be hosting a webinar titled, "Cyber
Intelligence & Response Technology... What You Don't Know CAN Hurt You"
that will highlight many of the key capabilities of the CIRT platform on
Thursday, January 31st, at 10am PT / 1pm ET. This event is
free to attend, but registration is required.
About AccessData Group:
AccessData Group has pioneered digital investigations and litigation
support for 25 years. Its family of stand-alone and enterprise-class
solutions, including FTK, SilentRunner, Summation and the CIRT security
framework, enable digital investigations of any kind, including computer
forensics, incident response, e-discovery, legal review and compliance
auditing. More than 130,000 users in law enforcement, government
agencies, corporations and law firms worldwide rely on AccessData
software solutions and its premier digital investigation and hosted
review services. AccessData is also a leading provider of digital
forensics and litigation support training and certification. www.accessdata.com.
[ InfoTech Spotlight's Homepage ]