CA Mainframe Security Management Products Achieve EAL4+ 'In Evaluation' Status for Common Criteria International Security Standard

CA Top Secret, CA ACF2 and CA Compliance Manager Undergo Rigorous Evaluation Mandated for National Security Systems

Jan 07, 2010, 09:00 ET from CA

ISLANDIA, N.Y., Jan. 7 /PRNewswire-FirstCall/ -- CA, Inc. (Nasdaq: CA) today announced that three of its leading mainframe security management software products -- CA ACF2(TM) r14 , CA Top Secret® r14 and CA Compliance Manager for z/OS r1 -- are officially in evaluation for EAL4+ certification under the Common Criteria International security standard. Common Criteria evaluation of security products is mandated for commercial information security products purchased by the U.S. government for use in national security systems.

The three CA products have cleared the first, pre-evaluation stage of the certification process and have advanced to the "in evaluation" stage where they will be tested for specific security functionality against a comprehensive set of predetermined requirements. Common Criteria certification is granted when a Common Criteria testing laboratory determines that a product meets a measure of security. The certification addresses product functionality, development environment, documentation and product testing measures.

Common Criteria is recognized by governments in more than 26 countries, including the United States.

"CA's security solutions are designed from the ground up to provide our public and private sector customers around the world with rigorous protection of their critical information assets," said Kirk Willis, vice president of mainframe security management at CA. "Through the Common Criteria certification process, our customers will receive the third-party validation they require to take advantage of the unique capabilities these solutions offer."

CA ACF2 and CA Top Secret provide comprehensive access control for IBM® z/OS® resources across operating systems, subsystems, third-party software and databases which includes externalized security controls for CICS®, DB2®, UNIX® System Services (USS) and IMS(TM). They enable organizations to monitor and adjust their security policies and accommodate virtually all organizational structures.

CA Compliance Manager for z/OS is the first platform-resident solution to provide real-time policy management of security and compliance events across the z/OS environment and mainframe security subsystems. It consolidates real-time and historical monitoring of select system events and security events to safeguard IT environments. CA ACF2 and CA Top Secret also work with CA Compliance Manager to provide a single view of compliance for the mainframe.

All three solutions are part of CA's Mainframe 2.0 initiative, which is greatly simplifying mainframe ownership and facilitating the generational shift in mainframe management staffs.

CA SiteMinder, CA eHealth® Performance Manager and CA NSM are among the CA products most recently evaluated under the Common Criteria. Additional CA products currently in evaluation include CA Access Control and CA Identity Manager.

The evaluation of CA software will be performed by Booz Allen Hamilton's Common Criteria Testing Laboratory (CCTL). The Booz Allen Hamilton lab is one of only nine U.S.-based CCTLs approved by the National Information Assurance Partnership (NIAP) that meets the Common Criteria Evaluation and Validation Scheme requirements. The Booz Allen CCTL conducts IT security evaluations for conformance to the Common Criteria for Information Technology Security Evaluation, International Standard ISO/IEC 15408:1999.

About Common Criteria

The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) established the NIAP to evaluate IT product conformance to the Common Criteria for Information Technology Security Evaluation, an international standard. The program, officially known as the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) is a partnership between the public and private sectors to help organizations select commercial off-the-shelf information technology (IT) products that meet their security requirements and to help manufacturers of those products gain acceptance in the global marketplace. Twenty-six countries now recognize the Common Criteria as third-party evaluation criteria for IT security procedures.

(Logo: )

About CA

CA (Nasdaq: CA), the world's leading independent IT management software company, helps customers optimize IT for better business results. CA's Enterprise IT Management solutions for mainframe and distributed computing enable Lean IT -- empowering organizations to more effectively govern, manage and secure their IT operations. For more information, visit

Connect with CA


Copyright © 2010 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. IBM, z/OS, CICS, DB2 and IMS are trademarks or registered trademarks of IBM Corporation in the United States, other countries or both. UNIX is a registered Trademark of The Open Group. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies.

    Press Contact

    Bob Gordon
    CA, Inc.
    (631) 342-2391