SAN CARLOS, Calif. — August 18, 2010 — MarkLogic Corporation, the company revolutionizing the way organizations leverage unstructured information, today announced that MarkLogic Server has earned Common Criteria Certification from an unbiased independent evaluator. MarkLogic Server has been validated in accordance with the provisions of the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security, one of the nation’s most exceptional IT security certification programs. MarkLogic is now the only commercial DBMS vendor with a NIAP Common Criteria evaluation under the U.S. Government Approved Protection Profile (PP) for Database Management Systems (DBMS), and is listed on the CCEVS website at niap-ccevs.org/st/vid10306/.
“This time-intensive certification proves that MarkLogic Server has an extremely high degree of security, both in its design and implementation,” said Chris Biow, federal chief technology officer, MarkLogic. “Security-conscious customers, such as the U.S. federal government, are now requiring Common Criteria Certification as a determining factor in purchasing decisions. We are pleased to have achieved this level of certification as it assures our customers worldwide and across every industry that their trusted information is secure with MarkLogic Server.”
Common Criteria is an internationally recognized International Standards Organization standard (ISO/IEC 15408) used by governments and other organizations to assess the security capabilities of technology products. Under the Common Criteria, products are evaluated according to strict standards for various features, such as security functionality and the handling of security vulnerabilities. Common Criteria gives customers more confidence in the security of technology products and helps lead to more informed decisions.
MarkLogic Server earned an EAL3 certification, which means the product was evaluated in design stage, with independent verification of the developer’s testing results. This certification also evaluates the developer’s checks for vulnerabilities, the development environmental controls, and the product’s configuration management. MarkLogic Server is now officially validated as able to support six top CCEVS categorized security functions identified by the NIAP as: Security Audit, User Data Protection, Identification and Authentication, Security Management, Protection of the TSF Data, and TOE Access. For more information, please visit: niap-ccevs.org/st/vid10306/.
The certification process includes detailed analysis of the design and implementation of MarkLogic Server, thorough documentation of the design and Quality Assurance (QA) processes, as well as thorough independent testing of the MarkLogic Sever security features.
The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) have established a program under the National Information Assurance Partnership (NIAP) to evaluate IT product conformance to international standards. The program, officially known as the NIAP Common Criteria Evaluation and Validation Scheme for IT Security (CCEVS) is a partnership between the public and private sectors. This program is being implemented to help consumers select commercial off-the-shelf information technology (IT) products that meet their security requirements and to help manufacturers of those products gain acceptance in the global marketplace.