Homepage Open Systems newsroom

Borderware firewall accepted for certification under Common Criteria EAL4+ & EAL5 vulnerability analysis

Announcement posted by Open Systems 03 Oct 2001

BorderWare raises the bar on firewall security
BorderWare Technologies Inc has announced its firewall server is the first firewall to be accepted for re-certification under Common Criteria EAL4+ and EAL5 vulnerability analysis.

Common Criteria is a certification scheme for evaluation of IT security that are broadly useful to the international community. BorderWares Firewall Server became the first firewall to gain a Common Criteria EAL4+ certification in January 2000. EAL5 is an add-on certification that the US National Institute of Standards and National Security Agency has established as a key part of the Common Criteria evaluation process.

This re-certification increases the independent assurance that BorderWares product is well designed and engineered to provide protection against known vulnerabilities and offers the highest level of security, said Paul Patti, defence executive, Open Systems.

Many of Open Systems customers, 60 per cent of which are government departments and agencies, require security products which are certified under Common Criteria.

Ever since the Internet became an avenue for commerce, customers and businesses have relied on the standards that government set. The Common Criteria security standards of which 16 countries, including Australia, are signatories sets the standards which defence, Government and large organisations of these countries take as the minimum security standard.

When we tell customers Borderwares firewall is used throughout government they immediately know theyre getting the best on the market. This vulnerability certification only increases customer confidence in the Borderware product and reinforces our leadership in the security market.

Borderware is currently providing a detailed analysis for each known and applicable vulnerability to demonstrate how the product defends against them. The results of this analysis will be confirmed by independent testing by UK research company, Syntegra.

The EAL5 vulnerability analysis is one of the areas that differentiates the Common Criteria from other certification schemes such as the European ITSEC and US TCSEC.

ENDS

About Common Criteria
The CC represents the outcome of a series of efforts to develop criteria for evaluation of IT security that are broadly useful within the international community. In the early 1980's the Trusted Computer System Evaluation Criteria (TCSEC) was developed in the United States. In the succeeding decade, various countries began initiatives to develop evaluation criteria that built upon the concepts of the TCSEC but were more flexible and adaptable to the evolving nature of IT in general.

In Europe, the Information Technology Security Evaluation Criteria (ITSEC) version 1.2 was published in 1991 by the European Commission after joint development by the nations of France, Germany, the Netherlands, and the United Kingdom. In Canada, the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) version 3.0 was published in early 1993 as a combination of the ITSEC and TCSEC approaches. In the United States, the draft Federal Criteria for Information Technology Security (FC) version 1.0 was also published in early 1993, as a second approach to combining North American and European concepts for evaluation criteria.

The first Common Criteria product certifications were completed in the late 1990's and today some 14 countries have signed the Mutual Recognition Agreement including all the originators of the TCSEC, ITSEC and CTCPEC schemes. For further information on Common Criteria see http://www.commoncriteria.org.

About BorderWare Technologies Inc
BorderWare Technologies Inc. is a private company headquartered in Toronto, Canada with offices in London, England; Frankfurt, Germany; Stockholm Sweden and San Jose, California. BorderWare's mission is to develop and market easy-to-use and highly secure Internet Gateway products and services based on its field-proven S-CORE technology, an industrial-strength operating system which forms the secure kernel of all BorderWare products. The company's flagship product is the BorderWare Firewall Server, an integrated firewall and Internet services gateway. BorderWare's range of solutions includes VPN client-server solutions, the BorderWare Document Gateway and the BorderWare Mail Gateway. BorderWare Technologies Inc. was the first firewall vendor to obtain the Common Criteria EAL4 Certification. Visit the BorderWare web site at www.borderware.com.