NetScreen Technologies said yesterday it is the first firewall vendor to meet a version of the Common Criteria EAL 4+ security certification required by certain US government buyers. The company said the certification applies to most of its firewalls.
Other firewall vendors, including Cyberguard and Secure Computing, have achieved EAL4+, which is the highest realistic, if not theoretical, certification the Common Criteria administrators hand out to firewalls.
But NetScreen says its certification is compliant with the US government’s Traffic-Filter Firewall Protection Profile for Medium Robustness Environments v1.4, which means penetration testing by the National Security Agency has been carried out.
CC certifications are notoriously expensive and time-consuming to achieve, generally well regarded, and useful when selling to government and military clients. NetScreen said the US Department of Defense looks for this certification when buying.
The certifications are, however, no guarantee of security, and buyers need to read the full CC report, as indicated by the fact that Windows 2000 has an EAL4+ certification (but only, it seems, when it is not connected to the internet).
This article is based on material originally published by ComputerWire