"As part of our continuing effort to deliver the highest level of security in our products, we are committed to maintaining Common Criteria certification for our API Gateway solution in both hardware and virtual appliance form factors,” said Phil Walston, vice president, Product Management, CA Technologies. “This achievement shows that CA’s API management and security gateway has been certified for use in the most critical and sensitive government applications.”
This evaluation certifies the CA Layer 7 API Gateway for policy management and access control Protection Profiles. It is the first API Gateway certified for the National Information Assurance Partnership (NIAP) Common Criteria Protection Profile for Enterprise Security Management (PP_ESM).
The CA Layer 7 API Gateway provides a SOA, XML, API and information sharing solution that is now certified to meet the top defense and intelligence community requirements for security, management and control capabilities in on-premises and cloud-based Web service deployments.
Certification was granted by NIAP based on the results of an evaluation performed by CSC’s U.S.-based Common Criteria Testing Laboratory (CCTL). The CSC lab is one of only eight U.S.-based CCTLs approved by NIAP and meets the Common Criteria Evaluation and Validation Scheme. The evaluation examined product functionality, design, development environment and documentation and culminated in functional and penetration testing.
"The evaluation game has changed since the EAL4 effort (evaluation assurance level); Protection Profiles are now the centerpiece of Common Criteria certification and NIAP has shifted focus to extensive functional testing. The CA Layer 7 team worked hard together with our Security Testing and Certification Lab to demonstrate compliance. Having the SecureSpan SOA Gateway, now called CA Layer 7 API Gateway, be the first product certified against NIAP's ESM profiles is truly a great achievement for both CA and CSC," said Lachlan Turner, technical director, Security Testing and Certification Laboratories, CSC.
CA Technologies acquired Layer 7 Technologies, a leading provider of API management and security, in June 2013. For additional information about CA Technologies security solutions, please visit: http://www.ca.com/us/securecenter.aspx.
About Common Criteria
The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) established the National Information Assurance Partnership (NIAP) to evaluate IT product conformance to the Common Criteria for Information Technology Security Evaluation, an international standard. The program, officially known as the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) is a partnership between the public and private sectors to help organizations select commercial off-the-shelf information technology (IT) products that meet their security requirements and to help manufacturers of those products gain acceptance in the global marketplace. Twenty-six countries now recognize the Common Criteria as third-party evaluation criteria for IT security procedures.