Common Criteria (EAL4) support
The National Institute of Standards and Technology (NIST) has developed Common Criteria to ensure we have a safe option for downloading software to use on our systems. Information held by IT products or systems is a critical resource that enables organizations to succeed in their mission. Additionally, individuals have a reasonable expectation that their personal information contained in IT products or systems remain private, be available to them as needed, and not be subject to unauthorized modification. IT products or systems should perform their functions while exercising proper control of the information to ensure it is protected against hazards such as unwanted or unwarranted dissemination, alteration, or loss. The term IT security is used to cover prevention and mitigation of these and similar hazards.
WebSphere Application Server (WAS) v6.1 was certified at the Common Criteria EAL4 level, the highest level of any commercially available application server. WebSphere Application Server Version 7 was designed to meet or exceed the security capabilities of WAS v6.1, including the EAL4 requirements. The US CCEVS is no longer certifying software products as Common Criteria EAL compliant because it is moving to a new security standard referred to as Protection Profiles. The Protection Profiles requirements for middleware software have not yet been closed. When the Protection Profiles do close, it is our intent to see WebSphere Application Server Version 8 certified at the appropriate Protection Profiles level.
Related information:
Common Criteria Validation and Evaluation Scheme website (by the National Information Assurance Partnership)