Pushing the Edge in Security: Achieving the Common Criteria Certification

By Srini Sekaran • September 5, 2019

Cohesity is committed to the digital transformation of the public sector. Over the last few years, organizations within the Department of Defense, space agencies, as well as intelligence and civilian organizations have come to rely on Cohesity to protect, manage, and leverage their data. As part of the Federal Data Strategy, a comprehensive plan that guides how agencies should manage and use federal data, the top priorities are further securing enterprise data governance, increasing data access and use, and encouraging the use of data to improve decision-making and accountability. It makes sense: data is not just a business catalyst, it’s also transforming the way the public sector operates.

Cohesity continues to push the edge in supporting this transformation, particularly with security and compliance. From announcing native integrations with the leading certified government clouds to supporting TAA compliance rules, Cohesity continues to address evolving requirements and adhere to the most stringent security measures. Today, Cohesity announces that its products have been Common Criteria EAL2+ certified.

Common Criteria is an international set of guidelines and specifications developed for evaluating information security products, specifically to ensure they meet a universal security standard for government deployments. Mandated by numerous government bodies, Common Criteria is the de facto universal security certification, accepted by the governments of 30+ countries around the globe.

Achieving the Common Criteria Evaluation Assurance Level 2 certification for Cohesity DataPlatform and Cohesity DataProtect is a milestone, underpinning our commitment to security and serving the public sector — but it’s just one part of a broader story. Security is deeply ingrained into all our products, with always-on encryption and a scale-out data management platform that adheres to the most rigorous compliance protocols.

Public sector organizations are in good company. A gamut of federal organizations rely on Cohesity to modernize their IT initiatives; security is one of the cardinal aspects of why they trust Cohesity. Now with EAL2+ certification, federal customers can experience a comprehensive set of capabilities that push the edge in security:

  • Common Criteria Evaluation Assurance Level 2 (EAL2+) certified
  • Native integration with leading FedRAMP certified government clouds—AWS GovCloud, Microsoft Azure GovCloud, and Google Cloud Platform
  • FIPS 140-2 validated
  • Always-on encryption, based on AES-256
  • TAA compliant
  • Federal Information Security Management Act (FISMA) Compliance | Authorities to Operate (ATOs) on DoD networks
  • WORM Compliant – SEC 17a-4f certification
  • Strong multi-factor, certificate-based (PIV/CAC) authentication and integrations with the leading identity providers
  • Internal key management service (KMS) support and integration with external KMS for key management, including SafeNet integration

Federal agencies are working to transform the way they operate. Cohesity helps them on the journey to digital transformation, with security as the foundation. As a result, the public sector can rest easy, knowing that change can be done securely, and reap the benefits of thwarting mass data fragmentation. To learn more, take a look at how Cohesity manages federal data — securely.

Tags: