VeriSign First PKI Provider to Earn Internationally Recognized Common Criteria EAL4 Accreditation

Third Party Confirms Integrity of VeriSign Technology Worldwide



Apr 24, 2001, 01:00 ET from VeriSign, Inc.

    MOUNTAIN VIEW, Calif., April 24 /PRNewswire Interactive News Release/ --
 VeriSign, Inc. (Nasdaq:   VRSN), the leading provider of Internet trust
 services, today announced that it has been accredited with the highest Common
 Criteria rating attained by public key infrastructure (PKI) providers.  The
 Common Criteria represents the outcome of a series of efforts by government
 organizations from the United States, Canada, France, Germany, and the United
 Kingdom among others to develop criteria for evaluation of information
 technology (IT) security that are broadly useful within the international
 community.  VeriSign offers its end-to-end PKI managed services to the
 international community through a network of 35 affiliates, whose customers
 worldwide can be assured that their PKI deployment continues to meet the
 highest standards.
     "Because the Internet has no borders, it is essential for vendors to
 observe international common standards, to provide consistent services
 worldwide and to comply with various regional criteria at the same time," said
 Roger Cochetti, senior vice president and chief policy officer for VeriSign.
 "We have put incredible efforts into building the carrier class, scalable,
 hardened infrastructure that secures the wired and wireless Internet today,
 and we are very pleased that it meets the rigorous requirements of the
 internationally recognized Common Criteria."
     The Common Criteria is an International Standards Organization (ISO)
 recognized evaluation process, developed by a collaboration of industry and
 government agencies like the National Security Agency (NSA) in the U.S., and
 others around the world.  VeriSign earned its accreditation through the
 Australian Defense Signals Directorate, acting on behalf of Australia within
 the Common Criteria member group of 14 nations.
     Common Criteria attests that VeriSign IT products and managed services
 have performed to Evaluation Assurance Level 4 (EAL4), a higher rating than
 any other PKI provider has earned.  The rating not only confirms VeriSign's
 product integrity, it meets governmental and commercial requirements specific
 to certain regions allowing VeriSign affiliates to bid for additional
 contracts.  For example, VeriSign's Australian affiliate eSign leveraged the
 Common Criteria rating and has now achieved the first full commercial
 accreditation as both a Registration Authority (RA) and a Certification
 Authority (CA) under Australia's Federal Government Gatekeeper strategy for
 public key technology use in government.
     "We are now fully accredited to provide all grades and types of Gatekeeper
 digital certificates which can be used across multiple agencies," said Gregg
 Rowley, managing director for eSign Australia Limited.  "Government agencies
 and organizations now have a one-stop-shop to provide their PKI requirements
 to deal with government online.  As an accredited RA and CA, eSign will be
 able to manage PKI solutions based on customers' individual requirements with
 minimum effort and cost."
     The Common Criteria rating provides a means to measure products by an
 internationally agreed upon method of evaluation and to increase the
 availability of evaluated, security-enhanced IT products.  Functionalities
 measured during the Common Criteria review of VeriSign's processing center
 product include cryptographic support, communications, user data protection,
 identification and authentification, security management and privacy, among
 others.  For more information about Common Criteria, see
 http://www.commoncriteria.org/ .
     In addition to the Common Criteria EAL4 certification of the VeriSign
 Processing Center platform, for the fourth year in a row, VeriSign has also
 completed a successful AICPA SAS-70 Type II audit, verifying the internal
 policies and procedures against its widely recognized Certification Practices
 Statement (CPS).  For the first time, VeriSign has also been successfully
 audited against the WebTrust program for Certification Authorities, an
 independent program aimed at auditing controls and procedures unique to
 Certification Authorities.  VeriSign continues to pursue these efforts to
 provide our customers with the highest quality of trusted infrastructure
 services.
     For more information about the AICPA and the SAS-70 audit, see
 http://www.aicpa.org .
     For more information about the WebTrust program for Certification
 Authorities, see http://www.cpawebtrust.org/CertAuth_fin.htm .
 
     About VeriSign
     VeriSign, Inc. is the leading provider of trusted infrastructure services
 to web sites, enterprises, electronic commerce service providers and
 individuals.  The company's domain name, digital certificate and payment
 services provide the critical web identity, authentication and transaction
 infrastructure that online businesses require to conduct secure e-commerce and
 communications.  VeriSign's services are available through its Web site
 (www.verisign.com) or through its direct sales force and reseller partners
 around the world.
     Statements in this announcement other than historical data and information
 constitute forward-looking statements within the meaning of Section 27A of the
 Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934.
 These statements involve risks and uncertainties that could cause VeriSign's
 actual results to differ materially from those stated or implied by such
 forward-looking statements.  The potential risks and uncertainties include,
 among others, VeriSign's limited operating history under its current business
 structure, uncertainty of future revenue and profitability and potential
 fluctuations in quarterly operating results, increased competition, risks
 associated with the company's international business and risks related to
 potential security breaches.  More information about potential factors that
 could affect the company's business and financial results is included in
 VeriSign's filings with the Securities and Exchange Commission, especially in
 the company's Annual Report on Form 10-K for the year ended December 31, 2000.
 VeriSign undertakes no obligation to update any of the forward-looking
 statements after the date of this press release.
 
                      MAKE YOUR OPINION COUNT - Click Here
                http://tbutton.prnewswire.com/prn/11690X57771422
 
 

SOURCE VeriSign, Inc.
    MOUNTAIN VIEW, Calif., April 24 /PRNewswire Interactive News Release/ --
 VeriSign, Inc. (Nasdaq:   VRSN), the leading provider of Internet trust
 services, today announced that it has been accredited with the highest Common
 Criteria rating attained by public key infrastructure (PKI) providers.  The
 Common Criteria represents the outcome of a series of efforts by government
 organizations from the United States, Canada, France, Germany, and the United
 Kingdom among others to develop criteria for evaluation of information
 technology (IT) security that are broadly useful within the international
 community.  VeriSign offers its end-to-end PKI managed services to the
 international community through a network of 35 affiliates, whose customers
 worldwide can be assured that their PKI deployment continues to meet the
 highest standards.
     "Because the Internet has no borders, it is essential for vendors to
 observe international common standards, to provide consistent services
 worldwide and to comply with various regional criteria at the same time," said
 Roger Cochetti, senior vice president and chief policy officer for VeriSign.
 "We have put incredible efforts into building the carrier class, scalable,
 hardened infrastructure that secures the wired and wireless Internet today,
 and we are very pleased that it meets the rigorous requirements of the
 internationally recognized Common Criteria."
     The Common Criteria is an International Standards Organization (ISO)
 recognized evaluation process, developed by a collaboration of industry and
 government agencies like the National Security Agency (NSA) in the U.S., and
 others around the world.  VeriSign earned its accreditation through the
 Australian Defense Signals Directorate, acting on behalf of Australia within
 the Common Criteria member group of 14 nations.
     Common Criteria attests that VeriSign IT products and managed services
 have performed to Evaluation Assurance Level 4 (EAL4), a higher rating than
 any other PKI provider has earned.  The rating not only confirms VeriSign's
 product integrity, it meets governmental and commercial requirements specific
 to certain regions allowing VeriSign affiliates to bid for additional
 contracts.  For example, VeriSign's Australian affiliate eSign leveraged the
 Common Criteria rating and has now achieved the first full commercial
 accreditation as both a Registration Authority (RA) and a Certification
 Authority (CA) under Australia's Federal Government Gatekeeper strategy for
 public key technology use in government.
     "We are now fully accredited to provide all grades and types of Gatekeeper
 digital certificates which can be used across multiple agencies," said Gregg
 Rowley, managing director for eSign Australia Limited.  "Government agencies
 and organizations now have a one-stop-shop to provide their PKI requirements
 to deal with government online.  As an accredited RA and CA, eSign will be
 able to manage PKI solutions based on customers' individual requirements with
 minimum effort and cost."
     The Common Criteria rating provides a means to measure products by an
 internationally agreed upon method of evaluation and to increase the
 availability of evaluated, security-enhanced IT products.  Functionalities
 measured during the Common Criteria review of VeriSign's processing center
 product include cryptographic support, communications, user data protection,
 identification and authentification, security management and privacy, among
 others.  For more information about Common Criteria, see
 http://www.commoncriteria.org/ .
     In addition to the Common Criteria EAL4 certification of the VeriSign
 Processing Center platform, for the fourth year in a row, VeriSign has also
 completed a successful AICPA SAS-70 Type II audit, verifying the internal
 policies and procedures against its widely recognized Certification Practices
 Statement (CPS).  For the first time, VeriSign has also been successfully
 audited against the WebTrust program for Certification Authorities, an
 independent program aimed at auditing controls and procedures unique to
 Certification Authorities.  VeriSign continues to pursue these efforts to
 provide our customers with the highest quality of trusted infrastructure
 services.
     For more information about the AICPA and the SAS-70 audit, see
 http://www.aicpa.org .
     For more information about the WebTrust program for Certification
 Authorities, see http://www.cpawebtrust.org/CertAuth_fin.htm .
 
     About VeriSign
     VeriSign, Inc. is the leading provider of trusted infrastructure services
 to web sites, enterprises, electronic commerce service providers and
 individuals.  The company's domain name, digital certificate and payment
 services provide the critical web identity, authentication and transaction
 infrastructure that online businesses require to conduct secure e-commerce and
 communications.  VeriSign's services are available through its Web site
 (www.verisign.com) or through its direct sales force and reseller partners
 around the world.
     Statements in this announcement other than historical data and information
 constitute forward-looking statements within the meaning of Section 27A of the
 Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934.
 These statements involve risks and uncertainties that could cause VeriSign's
 actual results to differ materially from those stated or implied by such
 forward-looking statements.  The potential risks and uncertainties include,
 among others, VeriSign's limited operating history under its current business
 structure, uncertainty of future revenue and profitability and potential
 fluctuations in quarterly operating results, increased competition, risks
 associated with the company's international business and risks related to
 potential security breaches.  More information about potential factors that
 could affect the company's business and financial results is included in
 VeriSign's filings with the Securities and Exchange Commission, especially in
 the company's Annual Report on Form 10-K for the year ended December 31, 2000.
 VeriSign undertakes no obligation to update any of the forward-looking
 statements after the date of this press release.
 
                      MAKE YOUR OPINION COUNT - Click Here
                http://tbutton.prnewswire.com/prn/11690X57771422
 
 SOURCE  VeriSign, Inc.