Award-Winning Product Is the Only NoSQL Database Platform with NIAP Common Criteria Certification
MarkLogic Corporation, the leading Enterprise NoSQL database platform company, today announced that MarkLogic Server 6.0-4 has earned Common Criteria Certification through independent testing conducted by Leidos, formerly SAIC. MarkLogic Server 6.0-4 has been validated in accordance with the provisions of the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security, one of the nation’s most exceptional IT security certification programs. This certification further enhances MarkLogic as the only commercial NoSQL database management system (DBMS) vendor with a NIAP Common Criteria evaluation.
Common Criteria is an internationally recognized International Standards Organization standard (ISO/IEC 15408) used by governments and other organizations to assess the security capabilities of technology products. Under the Common Criteria, products are evaluated according to strict standards for various features, such as security functionality and the handling of security vulnerabilities. Common Criteria gives customers more confidence in the security of technology products and helps lead to more informed decisions.
MarkLogic Server 6.0-4 earned an EAL2 with ALC_FLR.3 certification, which means the product meets all stated security functional requirements as well as remediation process requirements for potential vulnerabilities. This certification also evaluates the developer’s checks for vulnerabilities, the development environmental controls and the product’s configuration management, with independent verification of the developer’s testing results. MarkLogic Server 6.0-4 is now officially validated to support six top CCEVS security functions identified by the NIAP: Security Audit, User Data Protection, Identification and Authentication, Security Management, Protection of the TSF Data, and TOE Access.
“Security is a critical capability for an enterprise database management system. MarkLogic has sophisticated and granular role-based security features, as well as capabilities that facilitate secure deployment. This certification provides independent, third-party validation and demonstrates that these security capabilities meet rigorous security standards,” said David Gorbet, vice president of engineering, MarkLogic. “Security-conscious customers, such as the U.S. federal government and many financial institutions, require Common Criteria Certification as a determining factor in purchasing decisions. We are pleased to have achieved this level of certification as it assures our customers worldwide and across every industry that their trusted information is secure with MarkLogic.”
The certification process, conducted by engineers from the science and technology solutions leader Leidos, formerly SAIC, included detailed analysis of the database security and cryptographic features of MarkLogic Server 6.0-4 as well as thorough documentation of the design and Quality Assurance (QA) processes.