CyberGuard To Enter Evaluation For Department Of Defense’s Rigorous New Medium Robustness Protection Profile For Firewalls
– Testing Validates That Firewalls Protect Mission-Critical Data for US Government Agencies –
Ft. Lauderdale, Fla. – March 11, 2003 – CyberGuard Corporation (AMEX: CFW), the technology leader in network security, today announced that it will enter evaluation for the new “U.S. Department of Defense Firewall Protection Profile for Medium Robustness Environments” (MRPP), version 1.0. The new MRPP supersedes earlier versions that address traffic filter and application-level firewalls separately.
Developed as an independent means of validating that security products, such as firewalls, address threats that exist in a specific environment, protection profiles serve to extend the National Information Assurance Acquisition Policy (NSTISSP No. 11), which took effect July 2002. That policy mandates that government agencies only purchase information security products, including firewalls, which have been evaluated and certified according to internationally recognized Common Criteria. In August, the DoD issued a memorandum stating further that products must also meet protection profiles. There are no firewall vendors who currently meet the earlier medium robustness protection profiles.
Mike Wittig, chief technology officer and vice president of development for CyberGuard Corporation, commented, “Protection profiles provide a link between the high level Common Criteria evaluation and the specific functionality required in a real-world environment. We’ve been anticipating the release of this new more rigorous set of requirements for some time and are geared up to pursue validation. CyberGuard has a longstanding commitment to independent information security evaluation. We were first to receive a number of certifications, and the only firewall vendor to ever achieve a TCSEC/NCSC Orange Book B1 level certification, which we earned for our secure operating system and network stack.”
CyberGuard is also currently the only firewall provider in the world participating in an ongoing Common Criteria evaluation assurance maintenance program. This is significant because ongoing evaluation assures that, when firewall manufacturers issue new upgrades and revisions to certified technology, the product maintains its certification level. Without ongoing evaluation, when new versions of a security product are released, those products do not retain the original assurance levels.
About Common Criteria
The Common Criteria for Information Technology Security Evaluation (CCITSE) is a set of evaluative criteria agreed to by the National Security Agency/National Institute of Standards and Technologies and equivalent bodies worldwide. It was designed to resolve technical and conceptual differences among existing standards for evaluating network security systems and products. An international standard – ISO 15408 – Common Criteria represents the outcome of efforts to develop criteria for evaluating IT security that are widely accepted within the international community and mutually recognized by 16 countries: US, UK, Australia, Austria, Canada, Finland, France, Germany, Greece, Israel, Italy, The Netherlands, New Zealand, Norway, Spain and Sweden.
About CyberGuard Corporation
CyberGuard Corporation, the technology leader in network security, provides enterprise and electronic commerce security solutions to Global 2000 companies and governments worldwide. CyberGuard’s award winning firewall/VPN products and services protect the integrity of data and applications from unauthorized access. CyberGuard’s appliances, which include SL, KS, FS and LX models, hold Common Criteria Evaluation Assurance Level 4+ (EAL4+) certification, the most prestigious and rigorous IT security evaluation available. The company has world headquarters in Ft. Lauderdale, Florida, and branch offices worldwide. More information on CyberGuard Corporation can be found at
Forward-Looking Statements
This press release contains forward-looking statements that involve certain risks, uncertainties and factors, including without limitation, those described in the Company’s filings with the Securities and Exchange Commission, that may cause the Company’s future actual results to materially differ from the Company’s current expectations. The Company assumes no obligation to update any forward-looking statements.