
Is Sophos UTM 9.409 EAL4+ compliant? Is there a certification?

I've found the EAL4+ certification for UTM9 1.000 but nothing related to UTM 9.409. Where can I read that this release is EAL4+ compliant?

Thanks



This thread was automatically locked due to age.
  • Hi, Pasquale, and welcome to the UTM Community!

    This is a question you should ask of Sophos or your reseller.  This is a users-helping-other-users community that is visited occasionally by Sophos technical employees.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • As Bob says ... confirm IF (Big IF) the current version is EAL4+

     

    The following is a statement from 2015 ... however do not consider this as FACT

     

    Sophos UTM Earns Common Criteria EAL4+ Certification

    09 April 2015

    In April 2015, Sophos UTM v9 earned the Common Criteria (ISO 15408) certification under the German Common Criteria Evaluation and Certification Scheme by the German Federal Office for Information Security BSI (Bundesamt für Sicherheit in der Informationstechnik). As soon as we receive the certificate it will be available for download under the following link: https://www.sophos.com/en-us/support/knowledgebase/117713.aspx.

    Version Details

    The certificate with the identification number BSI-DSZ-CC-0942 applies to the product Sophos UTM v9 Packet Filter Version 1.000, which is the firewall component of the UTM security solution Sophos UTM v9 and was delivered with Sophos UTM 9.305. The certification is based on the Common Criteria Version 3.1 Revision 4 for the security level EAL4+ and was accompanied by the accredited testing laboratory SRC (Security Research & Consulting GmbH) situated in Bonn, Germany.

    What is Common Criteria?

    Common Criteria is a standard for evaluating the security features and capabilities of information technology products and is accepted by many countries around the globe. The highest internationally, mutually recognized certification level EAL4+ requires an inspection of the development site, as well as close scrutiny of the complete source code by independent experts. The certification process also includes flaw remediation, which evaluates Sophos' processes for supporting Sophos UTM with future security and maintenance updates.

    The IT Security Certificate warrants to customers, especially to those within the government sector, that security requirements are properly implemented and that the processes used meet recognized standards. One particular benefit of a Common Criteria certification is its compliance with various purchasing policies (e.g., NSTISSP #11 in the U.S.), mandating that federal departments and agencies shall acquire, for use on national security systems, only those information technology products that have been validated according to Common Criteria.