I've found the EAL4+ certification for UTM9 1.000 but nothing related to UTM 9.409. Where can I read that this release is EAL4+ compliant?
Thanks
Hi, Pasquale, and welcome to the UTM Community!
This is a question you should ask of Sophos or your reseller. This is a users-helping-other-users community that is visited occasionally by Sophos technical employees.
Cheers - Bob
As Bob says ... confirm IF (Big IF) the current version is EAL4+
The following is a statement from 2015 ... however do not consider this as FACT
In April 2015, Sophos UTM v9 earned the Common Criteria (ISO 15408) certification under the German Common Criteria Evaluation and Certification Scheme by the German Federal Office for Information Security BSI (Bundesamt für Sicherheit in der Informationstechnik). As soon as we receive the certificate it will be available for download under the following link: https://www.sophos.com/en-us/support/knowledgebase/117713.aspx.
Version Details
The certificate with the identification number BSI-DSZ-CC-0942 applies to the product Sophos UTM v9 Packet Filter Version 1.000, which is the firewall component of the UTM security solution Sophos UTM v9 and was delivered with Sophos UTM 9.305. The certification is based on the Common Criteria Version 3.1 Revision 4 for the security level EAL4+ and was accompanied by the accredited testing laboratory SRC (Security Research & Consulting GmbH) situated in Bonn, Germany.
What is Common Criteria?
Common Criteria is a standard for evaluating the security features and capabilities of information technology products and is accepted by many countries around the globe. The highest internationally, mutually recognized certification level EAL4+ requires an inspection of the development site, as well as close scrutiny of the complete source code by independent experts. The certification process also includes flaw remediation, which evaluates Sophos' processes for supporting Sophos UTM with future security and maintenance updates.
The IT Security Certificate warrants to customers, especially to those within the government sector, that security requirements are properly implemented and that the processes used meet recognized standards. One particular benefit of a Common Criteria certification is its compliance with various purchasing policies (e.g., NSTISSP #11 in the U.S.), mandating that federal departments and agencies shall acquire, for use on national security systems, only those information technology products that have been validated according to Common Criteria.