Tripwire Achieves Common Criteria Validation

Portland, OR - Jul 16, 2009 - Tripwire®, the leader in configuration control solutions, announced today that its flagship product, Tripwire Enterprise, has been validated for Common Criteria Evaluation Assurance Level (EAL) 3 Augmented with Flaw Remediation (ALC_FLR.2) or EAL 3+ for short. This certification illustrates Tripwire’s continuing commitment to building secure configuration control and file integrity monitoring solutions for the rigors of government use, particularly those organizations that require the highest level of security assurance.


The Common Criteria (CC) is a framework that ultimately provides assurance that the processes of development and evaluation of an information technology (IT) security product have been conducted in rigorous and standard manners. It is a requirement of U.S., Canadian, Australian and Japanese governments when purchasing IT products. Twenty-six countries now recognize the Common Criteria (also published as ISO/IEC 15408 and ISO/IEC 18045 international standards) as the official third-party evaluation criteria and methodology for IT security products. In addition, Common Criteria Certification is looked upon favorably and sometimes required by the U.S. Department of Defense and Intelligence Community.

"Achieving the Common Criteria Certification shows Tripwire’s commitment to building value and an increased level of security required in the highest levels of government information systems," said the Director of the SAIC Common Criteria Testing Laboratory. "With this EAL 3+ certification, Tripwire is proven as suitable for use on the U.S. Department of Defense networks."

The validation program is administered by the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS), a U.S. Government initiative designed to facilitate the security testing needs of both IT consumers and producers, and is operated by the National Security Agency (NSA). The Department of Defense Directive 8500 mandates that IT security products used on its sensitive networks be evaluated using the CC.

"Tripwire has a large installed customer base of more than 700 distinct Federal customers at 95 percent of all Federal government agencies," said Randy Crow, Federal Vice President at Tripwire, Inc. "This certification demonstrates Tripwire’s ongoing commitment to the Federal government marketplace, it’s contractors and Federal Standards."

Tripwire increased its validation from EAL 1 for Tripwire for Servers and Tripwire Manager to EAL 3 for Tripwire Enterprise 5.2. Tripwire’s validation report is posted on the NIAP Validated Products List at

The Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security is a program designed to oversee the evaluations that ensure IT product conformance to international standards. A partnership between the public and private sectors, the program is designed to help governmental organizations select commercial IT products that can meet their security requirements. See for more information.