FISMA News

Application Security in Evaluation Phase for Internationally Recognized Common Criteria Certification

(June 26, 2007)-- Underscoring its leadership role in database security, Application Security, is in evaluation for Common Criteria certification for the current versions of its market-leading vulnerability assessment, real-time monitoring and auditing solutions, through the Accredited Testing and Evaluation Labs of Science Applications International Corporation (SAIC) of Columbia, Md. As the industry’s only vendor with a full suite of products under evaluation, Application Security, Inc. continues to enhance its position as the most comprehensive and widely deployed database security solution on the market.

The pursuit of certification extends the Company’s momentum within the public sector by demonstrating compliance with stringent U.S. Government criteria and exacting International Standards Organization requirements.

The Common Criteria, officially instituted in 1999, is an internationally approved set of security standards that ensures a clear and reliable evaluation of the security capabilities of information technology products. By providing an independent assessment of a product’s ability to meet established security standards, the Common Criteria offers a level of confidence for security-conscious customers.

“In many ways, the federal government is a catalyst for innovation in the development of security best practices at the database application level,” said Ted Julian, vice president of marketing and strategy for Application Security, Inc. “With Common Criteria certification of Application Security, Inc.’s database security suite, a wide range of government agencies can more easily extend security best practices to the crown jewels – organization databases – thereby documenting continuous improvement and ensuring prompt incident response on the systems where data lives.”

Backed by a proven security methodology and extensive knowledge of database-level vulnerabilities, the DbProtect™ suite examines, reports and fixes security holes and misconfigurations, while providing enterprise-class database security and intelligent, real-time database activity monitoring/auditing capabilities in one solution. All-inclusive, integrated and priced per database, it allows customers to easily deploy what they need, when they need it, at a price point substantially below that of competitive solutions which provide only a subset of the protection and management capabilities.

As a result, even across thousands of distributed databases, enterprises and government IT groups can proactively harden their database applications while improving and simplifying routine audits – the hallmarks of any demonstrable, repeatable and effective compliance effort. The company currently offers a wide range of best-practice policy templates that augment government efforts in achieving compliance with various government initiatives and guidelines including NIST 800-53, FISMA, DISA-STIG, CIS and DITSCAP.

Share or bookmarklet this web page at: