BeyondTrust’s IT Risk Management Framework Completes Common Criteria Certification
Corsec would like to congratulate our partner, BeyondTrust, on completing the Common Criteria certification process under an Evaluation Assurance Level (EAL) 2+ in the Canadian Scheme for its IT Risk Management Framework solution. BeyondTrust’s participation in the Common Criteria evaluation process emphasizes the company’s commitment to product security.
The IT Risk Management Framework gives companies control over internal and external risks. It’s a unique, unified platform combining privilege and vulnerability management solutions, enabling IT professionals and security experts to work together with greater control and enhanced efficiency.
Common Criteria, which is also an ISO standard (ISO 15408), is an internationally recognized set of guidelines which define a common framework for evaluating security features and capabilities of Information Technology security products. The standard consists of several predetermined evaluation assurance levels, each one more stringent than the last, with product security testing performed by independent third-party accredited laboratories. The Common Criteria Mutual Recognition Agreement (CCRA) is a pact, which was designed to allow all evaluations up to an evaluation assurance level (EAL) 2, to be recognized by all participating countries, regardless of where the evaluation was completed. There are currently 27 countries involved in the CCRA, including the United States and Canada, with others that follow unofficially such as the EU.
The U.S. government mandates Common Criteria certification of security products for federal purchases. Through the NSTISSP No. 11, federal agencies are required to purchase only those commercial security products that have met specified third-party assurance requirements and have been tested by an accredited national laboratory.
“Attaining this Common Criteria Certification is testament to BeyondTrust’s commitment and adherence to U.S. and international government standards on product security, as well as compliance to the recent Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, which requires completion of the Common Criteria certification”, Darcy Dinga, executive vice president, Corsec Security.
“BeyondTrust is a global cyber security company dedicated to proactively eliminating data breaches from insider privilege abuse and external hacking attacks. Corporate and government organizations rely on BeyondTrust solutions to shrink attack surfaces and identify imminent threats. The company’s integrated risk intelligence platform presents a unique competitive advantage in its ability to reveal critical risks hidden within volumes of user and system data. This unifies IT and security departments, empowering them with the information and control they need to jointly prevent breaches, maintain compliance, and ensure business continuity. BeyondTrust’s privileged account management and vulnerability management solutions are trusted by over 4,000 customers worldwide, including over half of the Fortune 100.”
Corsec partners with companies worldwide to manage the IT security certification and validation process. Their approach mitigates the risks associated with certifications and security validations. They accelerate go-to-market readiness, improve brand reputation in the marketplace and significantly increase financial returns for clients.