Exabeam Achieves Federal Common Criteria Certification

We are pleased to announce that the Exabeam Security Management Platform has achieved Common Criteria Certification. What does this mean for you?

If you are in the federal sector, the Common Criteria Certification ensures the highest level of consistent best practices for security-enhanced IT products such as Exabeam’s Security Management Platform. If you are in the private sector, you will continue to enjoy the same high standards of performance and security you are already experiencing. Our team spent a lot of time conducting security testing and assessments to meet the Common Criteria Certification requirements. In this post, I’ll go into the details of the Common Criteria Certification requirements.

Common Criteria Certification: what you need to know

In 30 countries, including the U.S., Common Criteria (CC) Certification became the standard under a signed agreement called the Common Criteria Recognition Arrangement. It means that businesses that obtain Common Criteria Certification can compete for federal and international government contracts.

What is Common Criteria Certification?

Before you purchase a product, you probably read the manufacturer’s description of what it does. For technology products like software, that description will typically highlight the features offered as well as the security it provides. Common Criteria sets very specific standards for these claims, requiring manufacturers to demonstrate that they’ve thoroughly evaluated and tested their products in a standard, repeatable way.

In addition to government agencies, organizations often look for the Common Criteria Certification before choosing to work with a technology business or purchase certain products. There are other types of certifications recognized individually by national governments, but the CC certification allows technology companies to do business across all member countries. In addition to the CC certification, the Common Criteria Recognition Arrangement (CCRA) also includes the Common Methodology for Information Technology Security Evaluation, which provides procedures for those who are certified to follow.

How products are certified

To obtain certification, companies have to go through a multistep process. It starts with submitting documentation that describes the product and its features. This documentation has to include how the product was tested to ensure it fits the criteria for a CC-certified product. In addition to this documentation, products must be evaluated by an independent third-party lab that can test the product and ensure it meets the CCRA security requirements.

Once a product makes it through the evaluation process and certification is approved, the official certificates will be issued. This certification will be recognized by the CCRA’s various signers, as well as the corporations, organizations, and government agencies that look for that certification before purchasing products.

What the Common Criteria Certification means

When a business has achieved CC certification, customers can have confidence that the product has been tested for the features and security levels claimed. Although achieving the Common Criteria Certification isn’t a quick process, it helps ensure that each product is thoroughly tested to maintain the integrity of the offerings.

By having the CC certification in place, participating countries can help ensure the integrity of servers and systems operating within their borders to protect those living there.

We invite you to find out more about the Exabeam Security Management Platform.