Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

5/18/2011
04:54 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

CA Technologies Increases List Of Identity And Access Management Products Certified Under Common Criteria

Common Criteria is an independent security certification recognized by governments in more than 26 countries

ISLANDIA, N.Y., May 17, 2011 /PRNewswire/ -- CA Technologies (NASDAQ: CA) today announced that CA Directory r12 SP3 has met the requirements of Common Criteria Evaluation Assurance Level 3+ from the Communications Security Establishment Canada (CSEC).

Common Criteria is an independent security certification recognized by governments in more than 26 countries, including the United States. Certification is granted when a Common Criteria testing laboratory, such as EWA-Canada, determines that a product meets a defined measure of security. The certification addresses product functionality, development environment, documentation and product testing measures.

"CA continues to support Common Criteria evaluations as a measurement of security capabilities," said Bill Clark, vice president, Public Sector Technical Sales, CA Technologies. "We understand the importance of third-party assurance, such as this certification, and are proud to have our identity and access management portfolio so well-represented on the certified products list."

CA Directory is a large-scale user directory that delivers the availability, reliability, and scalability needed for today's online applications. This includes providing the performance needed for efficient read and write operations, transparent distribution and replication.

The CA Directory r12 sp3 evaluation was performed on the Oracle Solaris 10 and Windows Server 2003 operating system SP2 platforms at EWA-Canada's Common Criteria Evaluation Facility. EWA is one of only three labs approved by the CSEC that meet the Canadian Common Criteria Scheme lab requirements. These labs conduct IT security evaluations to determine conformance to the Common Criteria for Information Technology Security Evaluation, International Standard ISO/IEC 15408.

Recent CA Technologies Common Criteria evaluations include CA Federation Manager r12 SP1 deployed on CA SiteMinder* and CA Identity Manager r12.5. CA security products currently in evaluation for the mainframe platform include CA ACF2(TM) r14 and CA Top Secret' r14.

*Formerly named: CA SiteMinder Federation Security Services r12 SP1

About Common Criteria

The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) established the National Information Assurance Partnership (NIAP) to evaluate IT product conformance to the Common Criteria for Information Technology Security Evaluation, an international standard. The program, officially known as the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) is a partnership between the public and private sectors to help organizations select commercial off-the-shelf information technology (IT) products that meet their security requirements and to help manufacturers of those products gain acceptance in the global marketplace. Twenty-six countries now recognize the Common Criteria as third-party evaluation criteria for IT security procedures.

About EWA Canada

EWA-Canada (www.ewa-canada.com) is Canada's premier Information Assurance consulting firm specializing in IT Security Engineering, Managed Security Services and independent third-party evaluation and testing of products in its Common Criteria, FIPS 140 2 Cryptographic Module and Security Content Automation Protocol test labs. EWA-Canada is recognized for its comprehensive experience with Common Criteria evaluations, enabling companies to efficiently and cost-effectively manage the evaluation process thereby ensuring their products meet important certification requirements. For further information please visit us at www.ewa-canada.com/studies/it_security.php.

About CA Technologies

CA Technologies (NASDAQ: CA) is an IT management software and solutions company with expertise across all IT environments -- from mainframe and distributed, to virtual and cloud. CA Technologies manages and secures IT environments and enables customers to deliver more flexible IT services. CA Technologies innovative products and services provide the insight and control essential for IT organizations to power business agility. The majority of the Global Fortune 500 relies on CA Technologies to manage evolving IT ecosystems. For additional information, visit CA Technologies at www.ca.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5641
PUBLISHED: 2020-11-24
Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors.
CVE-2020-5674
PUBLISHED: 2020-11-24
Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2020-29002
PUBLISHED: 2020-11-24
includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.
CVE-2020-29003
PUBLISHED: 2020-11-24
The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.
CVE-2020-26890
PUBLISHED: 2020-11-24
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the r...