Common Criteria is an internationally recognized security certification required by the U.S. and many other governments worldwide for any of their departments and agencies interested in procuring commercially available products. Common Criteria certification also assures businesses that a product meets a standard measure of security whether it is used internally or in solutions for their customers.

Sybase completed its Common Criteria evaluation and certification for its Adaptive Server Enterprise database through SAIC’s Accredited Testing and Evaluation Labs in Columbia, Md.  « We are pleased to once again attain the Common Criteria certification for ASE, which assures our clients that Sybase continues to apply a strong discipline of engineering in order to deliver the most secure and reliable database, » said Tom Traubitz, Director of Product Management, Sybase. « This comes through not only in our engineering processes but also innovations, such as being able to encrypt databases without changing application code, controlling data access to also protect from insider threats, and delivering disaster recovery extensions that guarantee no data loss. »

This latest Common Criteria certification builds on the many new data security innovations of ASE 15. These unique features include a new column encryption strategy that eliminates the need to distribute encryption keys outside of the database. This innovative approach to data encryption ensures that no application modifications are required and protects encryption keys from exposure to everyone, including insider threats.  Adaptive Server Enterprise 15.0.1 is the latest product from Sybase to achieve Common Criteria certification, following ASE 12.5.2 certification in 2005 with EAL 4, augmented with ALC LFR.2 conformance claim. Other Sybase databases that have also received certification include SQL Anywhere and Sybase IQ, both certified with EAL3 augmented with ALC_FLR.2.

About Common Criteria

The National Information Assurance Partnership Common Criteria Evaluation verifies compliance with the Common Criteria certification standard and Validation Scheme (CCEVS) Validation Body—which is a joint activity managed by both the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). The EAL3 certificate, together with its associated validation report, confirms that the security functions of the Adaptive Server Enterprise database have been evaluated at an accredited laboratory for conformance to the Common Criteria.