Underscoring its leadership role in database security, Application Security, Inc. (AppSecInc) is pursuing Common Criteria certification for the current versions of its flagship products — AppDetective(TM), a vulnerability assessment scanner, and the AppSecInc Console(TM) for AppDetective, a centralized management solution — through the Accredited Testing and Evaluation Labs of Science Applications International Corporation (SAIC) in Columbia, Md.
The certification will extend AppSecInc´s momentum within the public sector by demonstrating compliance with strict U.S. Government criteria and exacting International Standards Organization requirements.
The Common Criteria, officially instituted in 1999, is an internationally approved set of security standards that ensures a clear and reliable evaluation of the security capabilities of information technology products. By providing an independent assessment of a product´s ability to meet established security standards, the Common Criteria offers a level of confidence for security-conscious customers. These high-profile customers, including the U.S. federal government, are required by law to purchase products that are Common Criteria-certified. The international scope of the Common Criteria, currently adopted and recognized by 20 nations, allows users from other countries to purchase IT products with the same level of confidence.
“In some ways, the federal government is leading the charge to effectively extend security best practices to the database application level,” said Ted Julian, vice president of marketing and strategy for AppSecInc. “With Common Criteria certification of AppDetective and the AppSecInc Console, a wide range of government agencies can more easily extend security best practices to the crown jewels, documenting continuous improvement, and ensuring prompt incident response.”
Backed by a proven security methodology and extensive knowledge of database application-level vulnerabilities, AppDetective locates, examines, reports and fixes security holes and misconfigurations. The AppSecInc Console adds the centralized reporting, policy definition and roll-out, and role-based access control features which enterprise-class deployments require. As a result, even across thousands of distributed databases, enterprises and government IT groups can proactively harden their database applications while improving and simplifying routine audits — the hallmarks of any demonstrable, repeatable and effective compliance effort.
AppSecInc´s pursuit of Common Criteria certification further demonstrates its commitment to providing comprehensive database security solutions for government organizations. The company currently offers a wide range of best-practice policy templates that augment government efforts in achieving compliance with various government initiatives and guidelines including FISMA, DISA-STIG, CIS and DITSCAP.