, the company that protects organizations from cyber attacks
that have made their way inside the network perimeter, today announced that it has achieved Common Criteria Evaluation Assurance Level EAL 2+ for its comprehensive CyberArk Privileged Account Security Solution. The certification underscores CyberArk’s commitment to helping federal organizations
and global enterprises secure privileged accounts – the "keys to the IT kingdom" – before cyber attackers can steal and exploit them to gain access to sensitive data and systems.
As reported in the cyber attack on the U.S. Office of Personnel Management (OPM), attackers exploited privileged credentials to move laterally across networks, conduct reconnaissance without detection, and exfiltrate critical data. In response, the U.S. CIO Tony Scott called for a 30-Day Cybersecurity Sprint – which includes a directive for Federal agencies to focus on tightening policies and practices for privileged users and credentials across networks.
The CyberArk Privileged Account Security Solution helps government organizations prevent the theft, abuse and misuse of privileged credentials in advanced cyber attacks, while better containing threats, and limiting damage.
"In the face of repeated cyber attacks, the U.S. government is rightfully scrambling to tighten policies and practices for privileged accounts to prevent another OPM-style breach," said Eric Noonan, CEO of Virginia-based CyberSheath Services. "CyberArk is the first company to offer a fully certified and comprehensive privileged account security solution. We look forward to continuing to work with CyberArk, combining its government industry expertise and ability to quickly address high demand, as more organizations work to evolve their cyber security strategies."
Common Criteria is an internationally approved set of security standards that provides a clear and reliable evaluation of the security capabilities of IT products. This framework provides confirmation that the development, evaluation and validation of an IT product has met specific security standards in accordance with an independent assessment accepted by the most security-conscious customers, such as federal governments. The international scope of Common Criteria, currently adopted by 25 nations, allows users from other countries to purchase IT products with the same level of confidence, due to the recognition of the certification across the complying nations.
"We fully understand and support the urgency in which federal agencies are seeking to secure and protect their privileged account controls. The 30-Day Cybersecurity Sprint puts a spotlight on this critical cybersecurity issue," said Roy Adar, senior vice president, product management, CyberArk. "The Common Criteria certification further validates CyberArk’s privileged account security capabilities. We are committed to helping organizations be more responsive to emerging cyber threats and launch proactive controls around privileged accounts and users to protect their most valuable assets."
This certification was conducted by EWA-Canada, one of the accredited Common Criteria testing laboratories, which conducted product testing and evaluated remediation policies, secure delivery process and configuration management process. Virginia-based Corsec was CyberArk’s strategic advisor in this certification process. The CyberArk Privileged Account Security Solution v9.1 is a complete solution to protect, monitor and alert on privileged accounts across the enterprise, cloud and SCADA/OT environments.
"The Common Criteria certification of the CyberArk Privileged Account Security Solution is an important step because CyberArk has now achieved an internationally recognized standard for protection of privileged credentials," stated Erin Connor, director of the EWA-Canada Common Criteria Test Lab (CCTL). "Achieving this certification demonstrates CyberArk’s commitment to providing high quality security solutions to its customers.