Common Criteria (EAL4) support

The National Institute of Standards and Technology (NIST) has developed Common Criteria to ensure you have a safe option for downloading software to use on your systems. Information held by IT products or systems is a critical resource that enables organizations to succeed in their mission. Additionally, individuals have a reasonable expectation that their personal information contained in IT products or systems remain private, be available to them as needed, and not be subject to unauthorized modification. IT products or systems should perform their functions while exercising proper control of the information to ensure it is protected against hazards such as unwanted or unwarranted dissemination, alteration, or loss. The term IT security is used to cover prevention and mitigation of these and similar hazards.

WebSphere® Application Server Version 6.1 was certified at the Common Criteria EAL4 level, the highest level of any commercially available application server. WebSphere Application Server Version 7 was designed to meet or exceed the security capabilities of WebSphere Application Server Version 6.1, including the EAL4 requirements. The US CCEVS is no longer certifying software products as Common Criteria EAL compliant because they are moving to a new security standard referred to as Protection Profiles. The Protection Profiles requirements for middleware software have not yet been closed. When the Protection Profiles do close, it is our intent to see WebSphere Application Server Version 8 certified at the appropriate Protection Profiles level.




Related information
Common Criteria Validation and Evaluation Scheme website (by the National Information Assurance Partnership)
Reference topic Reference topic    

Terms of Use | Feedback

Last updatedLast updated: Sep 19, 2011 4:16:02 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-base-dist&topic=rovrcommoncriteria
File name: rovr_commoncriteria.html