Symantec products earn Common Criteria EAL2+ certification

Symantec today announced that Symantec Endpoint Protection 11.0 and Symantec Network Access Control 11.0 have been awarded Common Criteria Evaluation Assurance Level 2 augmented with ALC_FLR.2 and AVA_MSU.1 (EAL2+) certification.

This certification assures customers that Symantec Endpoint Protection and Symantec Network Access Control have gone through a rigorous analysis and testing process and conforms to standards sanctioned by the International Standards Organization. Common Criteria is an important worldwide evaluation standard for security products as its certifications are recognised in 25 countries around the world. Based on the recent certification, Symantec Endpoint Protection is conformant to the US Government Protection Profile for Anti-Virus Applications for Workstations in Basic Robustness Environments, Version 1.1, 4 April 2006.

For more information about Symantec's Common Criteria certifications, visit: http://www.cse-cst.gc.ca/services/common-criteria/trusted-products-e.html. "This certification further validates the ability of Symantec Endpoint Protection and Symantec Network Access Control to protect any organisation," said Brad Kingsbury, senior vice president Endpoint Security and Management, Symantec. "Recognising that the federal government is a leading proponent of Common Criteria certification, Symantec is well positioned to continue providing customers in the Department of Defense and civilian federal agencies with endpoint protection technology that meets stringent EAL2+ certification."

Symantec Endpoint Protection combines Symantec AntiVirus with advanced threat prevention to deliver defence against malware for laptops, desktops and servers. It provides protection against sophisticated attacks that evade traditional security measures, such as rootkits, zero-day attacks and mutating spyware.

Symantec Network Access Control securely controls access to corporate networks, enforces endpoint security policy and easily integrates with existing network infrastructures. Communications Security Establishment Canada (CSEC) participates in the international Common Criteria Recognition Arrangement on Canada's behalf and sets the standards for the Canadian certification process. Upon successful completion of the certification process, a product's Security Target and Certification Report and its Certificate of Product Evaluation are posted on CSEC's Internet site at: http://www.cse-cst.gc.ca/services/common-criteria/common-criteria-e.html.

The Common Criteria for information technology security evaluation is a set of evaluation criteria agreed to by the United States' National Security Agency/National Institute of Standards and Technologies and equivalent bodies in 24 other countries. It was designed to resolve the technical and conceptual differences among existing standards for the evaluation of security systems and products. Certification to the Common Criteria requires in-depth analysis of product design and development methodology, backed by extensive testing.

Common Criteria is currently recognised by the following countries: United States, Canada, Australia, New Zealand, Austria, The Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, India, Israel, Italy, Japan, Malaysia, The Netherlands, Norway, Republic of Korea, Singapore, Spain, Sweden, Turkey, and the United Kingdom. The Common Criteria represents the outcome of efforts to develop criteria for evaluation of IT security that are widely accepted within the international community. Further information is available at http://www.commoncriteriaportal.org.