RSA® Security Analytics Threat Detection & Response Solution Receives Common Criteria Certification

Common Criteria certification for RSA Security Analytics (RSA NetWitness Logs & Packets) demonstrates product passed stringent, impartial security testing.


  • RSA® Security Analytics receives EAL 2+ certification, validating product development processes, documentation, product testing, and security of the product
  • Designation demonstrates to public and private customers, in U.S. and beyond, that product passed stringent, impartial security testing
  • Common Criteria is a critical certification for many government agencies world-wide when purchasing security technologies like Security Analytics for threat detection and response

BEDFORD, MA, May 17, 2016 — RSA, the Security Division of EMC (NYSE: EMC), today announced that it has received the Common Criteria Evaluation Assurance Level (EAL) 2+ certification for the latest version of its RSA Security Analytics product. RSA Security Analytics is engineered to provide pervasive visibility with real-time behavior analytics to detect and respond to many types of attacks.

Common Criteria is a technically demanding, internationally recognized security certification required by the U.S. and more than 20 national governments worldwide for departments and agencies seeking to procure commercial products. Common Criteria certification provides assurance that the process of specification, implementation and evaluation of computer security products has been conducted in a rigorous, standard, and repeatable manner. It involves rigorous evaluation, documentation, and testing against exacting standards to ensure products meet established minimums for functionality, information assurance, audit, management, as well as mandates for cryptographic capabilities required by the US Federal Government, global public sector organizations, critical infrastructure, and private industry.

The latest version of RSA Security Analytics being shipped was announced at the 2016 RSA Conference in San Francisco, unveiled expanded real-time behavior analytics capabilities, allowing analysts to expedite detection of advanced attack activities, among other capabilities. The new product has received certification at the EAL 2+ level of the Common Criteria scheme, which addresses product functionality development environment, documentation and product testing measures.

The evaluation was performed by Leidos' Common Criteria Testing Laboratory within its Commercial Cybersecurity practice. Leidos is one of the top evaluation and testing laboratories approved by the National Information Assurance Partnership (NIAP) to conduct testing and evaluation for Common Criteria and other certifications critical to U.S. government customers.


Mike Brown, Rear Admiral, United States Navy (Retired), Vice President and General Manager of RSA Global Public Sector, RSA

"Demand for advanced threat detection and response systems has skyrocketed, as customers step up efforts to detect attacks quickly and respond to them earlier in the attack lifecycle. This Common Criteria designation will help give public- and private-sector customers a high level of confidence in the ability of RSA Security Analytics to meet their security needs."

"Every day the US Federal government and the critical infrastructure community entrust RSA to help with a vital mission: to prevent adversaries from obtaining critically sensitive data or disrupting systems. This certification is a testimony to the high standards to which we hold ourselves at RSA. The Common Criteria Evaluation Assurance recognizes that RSA Security Analytics meets or exceeds expectations for prescribed functionality, as well as for information and assurance, audit, management, and cryptographic requirements. We are proud that RSA Security Analytics has achieved this important certification to prove our commitment to offering world-class security solutions.



RSA provides more than 30,000 customers around the world with the essential security capabilities to protect their most valuable assets from cyber threats. With RSA's award-winning products, organizations effectively detect, investigate, and respond to advanced attacks; confirm and manage identities; and ultimately, reduce IP theft, fraud, and cybercrime. For more information, go to


The Common Criteria for Information Technology Security Evaluation is an international standard (ISO/IEC 15408) for evaluating the security properties of IT products. It involves rigorous evaluation, documentation and testing against strict standards to ensure a product meets established minimums for functionality and performance. The Common Criteria is used by governments and other organizations around the world to assess the security of information technology products and is often specified as a pre-requisite to procurement.

RSA and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other company and product names may be trademarks of their respective owners.

This release contains "forward-looking statements" as defined under the Federal Securities Laws. Actual results could differ materially from those projected in the forward-looking statements as a result of certain risk factors, including but not limited to: (i) risks associated with the proposed acquisition of EMC by Denali Holdings, Inc., the parent company of Dell, Inc., including, among others, assumptions related to the ability to close the acquisition, the expected closing date and its anticipated costs and benefits; (ii) adverse changes in general economic or market conditions; (iii) delays or reductions in information technology spending; (iv) the relative and varying rates of product price and component cost declines and the volume and mixture of product and services revenues; (v) competitive factors, including but not limited to pricing pressures and new product introductions; (vi) component and product quality and availability; (vii) fluctuations in VMware, Inc.'s operating results and risks associated with trading of VMware stock; (viii) the transition to new products, the uncertainty of customer acceptance of new product offerings and rapid technological and market change; (ix) risks associated with managing the growth of our business, including risks associated with acquisitions and investments and the challenges and costs of integration, restructuring and achieving anticipated synergies; (x) the ability to attract and retain highly qualified employees; (xi) insufficient, excess or obsolete inventory; (xii) fluctuating currency exchange rates; (xiii) threats and other disruptions to our secure data centers or networks; (xiv) our ability to protect our proprietary technology; (xv) war or acts of terrorism; and (xvi) other one-time events and other important factors disclosed previously and from time to time in the filings of EMC, the parent company of RSA, with the U.S. Securities and Exchange Commission. EMC and RSA disclaim any obligation to update any such forward-looking statements after the date of this release.