Trustwave NAC Achieves Common Criteria Validation

Trustwave has been validated for Common Criteria Evaluation Assurance Level (EAL) 2 Augmented with Flaw Remediation (ALC FLR. 1) or EAL 2+

February 11, 2010

3 Min Read


CHICAGO (February 10, 2010) "Trustwave, one of the leading providers of information security and compliance solutions, has achieved Common Criteria validation for its Network Access Control (NAC) technology. Specifically, Trustwave has been validated for Common Criteria Evaluation Assurance Level (EAL) 2 Augmented with Flaw Remediation (ALC FLR. 1) or EAL 2+. This accreditation demonstrates Trustwave's commitment to meeting the needs of federal, state and municipal government entities and enterprises around the world by delivering a solution that meets stringent security standards.

Common Criteria is an internationally approved set of security standards that provides a clear and reliable evaluation of the security capabilities of Information Technology (IT) products. This framework provides confirmation that the development, evaluation and validation of an IT product has met specific security standards in accordance with an independent assessment accepted by the most security-conscious customers, such as federal governments. The international scope of Common Criteria, currently adopted by 26 nations, allows users from other countries to purchase IT products with the same level of confidence, due to the recognition of the certification across the complying nations.

Network Access Control technology helps prevent unknown or unauthorized endpoints " such as a laptop from a third party vendor " from freely connecting to a proprietary network. These types of endpoints are primary vectors for the introduction of viruses and other malware onto corporate networks. Trustwave NAC validates an endpoint's security posture before allowing it to connect, and also governs each endpoint's behavior on the network once access is granted.

The Target of Evaluation (TOE) for EAL 2+ certification was for Trustwave NAC version 3.4.0. Specifically, Trustwave NAC was evaluated throughout all stages to show the solution enables network administrators to control which devices gain admission to the network and what network services they may invoke. Using controlled sensors to initially monitor all network traffic, Trustwave NAC detects any policy violations configured by administrators. Next, as devices attempt to gain access to the network, Trustwave NAC can run policy checks to determine if the identified device complies with the security policies in the network segment that it is attempting to join. After admission, Trustwave NAC monitors all network traffic, detects exceptions to the administrator-configured behavioral policy, and re-evaluates the network access permitted to the managed devices as new information about them is learned.

"Due to Trustwave's preparedness, mature process and understanding of the Common Criteria, Trustwave was able to complete the EAL2+ evaluation in a very efficient seven months," said Jason Lawlor, General Manager of the DOMUS IT Security Laboratory, the lab that performed the testing. "Trustwave's NAC product has now been confirmed to provide the security features for which it was evaluated and can now help provide government and federal agencies around the world with enhanced perimeter security."

"As a leading security organization it's important that we certify our technology with the most robust standards," says Robert J. McCullen, chairman and CEO of Trustwave. "Trustwave NAC has been tested to deploy in a secure fashion and can now be implemented by government bodies throughout the world."

About Trustwave Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper' compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations—ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers—manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights