This blog post was originally published on Government Gurus.
Guest post by Matthew Appler, CEO of Corsec Security
Data ONTAP v8.1.1 7-Mode has completed EAL 2+ recertification under the Communications Security Establishment Canada’s (CSEC) Common Criteria Evaluation and Certification Scheme. NetApp’s continued participation in IT government security validations signifies NetApp’s commitment to providing users with solid product security.
In order to facilitate the prompt completion of the Common Criteria re-certification, NetApp partnered with Corsec Security, Inc., a consulting, documentation, and project management services firm with over fifteen years of experience in security certifications.
Not only are NetApp’s products innovative, but by recertifying their storage operating system, NetApp is demonstrating their dedication to providing secure products for the IT and Healthcare IT industries. We have been working with NetApp for a long time. The corporate commitment to continuous certification is just further proof that security is a part of the NetApp DNA. Corsec was glad to partner with NetApp for both the certification and re-certification efforts for Data ONTAP.
What is the Common Criteria Evaluation and Certification Scheme?
Common Criteria is an internationally recognized set of guidelines (ISO 15408) that defines a common framework for evaluating the security features and capabilities of Information Technology security products. The standard consists of several predetermined evaluation assurance levels, each one more stringent than the last.
Common Criteria allows vendors to have their products tested against a chosen level by an independent third-party testing laboratory. The Common Criteria Mutual Recognition Agreement (CCRA) is a pact designed to allow all evaluations to be recognized by all participating countries, regardless of where the evaluation was completed. There are currently 26 countries involved in the CCRA, including the United States and Canadian governments, with others, such as the EU, that follow unofficially.
Common Criteria certification of security products is mandated by the U.S. government for federal purchases. The Committee for National Security Systems Policy, CNSSP #11, requires agencies to purchase only those commercial security products which have met specified third-party assurance requirements and have been tested by an accredited national laboratory.
Government agencies are growing increasingly aware of the threats to data in cyberspace and continue to take steps to arm themselves against these threats. These threats to systems that house sensitive information are real. It is imperative that vulnerabilities to attacks on data systems are kept to a minimum. Companies like NetApp that achieve certification against these government standards are helping to lead the way to greater information security.