Positive Technologies a leading provider of vulnerability assessment, compliance management and threat analysis solutions today announced that its product solution MaxPatrol™ has successfully obtained ISO 15408-EAL2 certification issued by the German Government’s Federal Office for IT Security (BSI). Positive Technologies achievement of this significant milestone is a further endorsement of its leading position within the cyber-security sector.
This certification has two key differentiators from other types of conformity assessment enabling customers to more fully understand the quality and robustness of the certified product against other products. Firstly the certified product developer is obliged not only to disclose the security features of the product solution, but also to justify the adequacy of these functions to counter threats specific to the conditions in which it is assumed it will be in operation. Secondly, the certificate indicates the level of confidence (Evaluation Assurance Level, EAL), which allows the consumer to judge certified solutions on how deeply the decision was investigated during the certification tests. Tests were conducted in accordance with the level of confidence EAL2, which includes not only lab testing the product but also a detailed study of the design documentation, development and testing, and a search for vulnerabilities within the distribution system.
Brendon Woo, Korean Country Manager for Positive Technologies, said “We are delighted to have achieved this certification as a further validation of the quality and depth of our MaxPatrol™ product. This was part of our strategy to further develop our business by addressing government and financial institutions market where CC certification is mandatory.” In addition to the German authorities BSI, system MaxPatrol™ is certified by SAP, CIS Security Benchmarks and other organizations.
About the ISO 15408 Common Criteria
The ISO 15408 ‘Common Criteria for Information Technology Security Evaluation’ is a unified international standard certification of information systems security requirements with certificates issued from Germany. The German BSI performs the same function as the NIST and the NSA in the US and the SCSSI in France.