Tripwire has demonstrated its ongoing commitment to meeting U.S. government and internationally recognized security standards by achieving the most current Common Criteria standards for its latest version of Tripwire IP360’s 9.0.1, specifying the certification as “Evaluation Assurance Level 2 augmented with Flaw Remediation” (EAL2+).
VM and SCM for Federal AgenciesTripwire IP360 and Tripwire's secure configuration management solution, Tripwire Enterprise, are among only 12 “Detection Devices and Systems” recognized globally as being Common Criteria certified. So what is Common Criteria, and why is this new recognition so significant?
What is Common Criteria?Internationally recognized as the evaluation standard for IT security products, Common Criteria certifications provide independent assurance to government and commercial agencies that the products being purchased satisfy security requirements for information systems. Essentially, they’re there to make sure security products actually do what they claim to do. The certification for Tripwire IP360 was issued by the Communications Security Establishment (CSE), the Government of Canada’s center for IT security expertise, advice and guidance, and a participant of the Common Criteria Recognition Arrangement (CCRA). The CCRA brings together 28 nations who agree to accept a unified approach to the evaluations of IT products and protection profiles for information assurance and security.
Common Criteria EvaluationsWhen the Common Criteria organization assesses the security of a product, they use a 1-7 scale to rank their evaluation assurance level (ELA). This number indicates how thoroughly and rigorously they tested the solution in question. A higher ELA doesn’t indicate a more secure product — only that more testing took place to verify that particular solution. Testing takes place via licensed laboratories selected by the Common Criteria organization. Testing through certification bodies like Common Criteria helps reduce product research costs for agencies and provides a standardized, repeatable, independent verification process so agencies can trust that their solutions are heavy-duty enough to entrust with the protection of sensitive governmental data.
“Tripwire IP360 has a long history of enabling governments to accurately prioritize risk and take action on their most exposed assets,” says Mitchell Jukanovich, vice president of federal sales at Tripwire. “Achieving the most current Common Criteria certification illustrates Tripwire’s continuing commitment to meet increasingly stringent U.S. national and international security standards and is assurance that we’re bringing the most secure products to market.”
Why Tripwire IP360?Common Criteria added Tripwire IP360 to the list of certified solutions in the “Detection Devices and Systems” category alongside Tripwire Enterprise. This means existing federal Tripwire Enterprise customers who use its file integrity monitoring and security configuration management functionality to protect their critical data can now add another layer of defense to their cybersecurity program: advanced VM. Tripwire IP360 serves as a complete VM toolkit for government agencies. It automatically scores risks to help you address significant vulnerabilities right away, allowing you to take a look at the granular details around each risk. It uses a unique fingerprinting method to produce a comprehensive asset inventory and identify vulnerabilities across each and every endpoint connected to your network. When you apply Tripwire IP360 to your environment, you can expect to reduce risk scores by more than 50 percent.
Why Federal Agencies Look to Tripwire IP360 for Vulnerability Management
- Faster vulnerability scans with fewer false positives
- Combines agent-based and agentless scanning results
- Supports on-premises, cloud and hybrid environments
- Efficient and accurate vulnerability scoring and prioritization
- Open APIs enable integration with help desk and asset management
- Minimizes manual efforts through integration with your existing toolsets