Symantec Pass International Certifications
For Data Loss Prevention, Control Compliance Suite and Endpoint Protection
This is a Press Release edited by StorageNewsletter.com on September 7, 2012 at 2:54 pm
Symantec
Corp.
announced Symantec
Data
Loss
Prevention,
Symantec
Control
Compliance
Suite
and Symantec
Endpoint
Protection
have achieved Federal Service for Technical and Export Control (FSTEK
of Russia) certification.
This organism is a body of
executive authority responsible for implementing national policy,
ensuring inter-departmental cooperation, coordination and control
functions in state security. According to FSTEK Order 58, a mandatory
certification is required for the security products deployed for
protecting the government confidential/classified information or
personal data and information of restricted access.
The personal data
and information of confidential nature and of restricted access is
categorized by FSTEK as K1-category personal data. Institutions and
companies processing K1 data are required to use only NDF certified
security technology. TU certification involves testing the product
functionality to validate its compliance with technical conditions
(black box testing) and NDF certification establishes the absence of
undeclared capabilities in the product such as buffer overflows,
debug passwords and covert channels (source code testing).
Symantec PGP Whole Disk Encryption
has also achieved CEGS/CAPS certification in the United Kingdom.
CEGS, which operates as the National Technical Authority for
Information Assurance for the UK’s public sector (including the
Health Service, law enforcement and local government) and the
essential services that form the UK’s Critical National
Infrastructure (such as power and water), provides policy and
assistance on the security of communications and electronic data,
working in partnership with industry and academia in the United
Kingdom.
These certifications enable
governments to enact regulations intended to protected personal data.
Compliance with personal data protection regulation is the
responsibility of the organization, governmental or commercial, who
store and process personal data. The compliance with these
regulations is controlled via audits carried out by the government
appointed entities. Symantec’s certifications enable organizations
to meet the requirements of compliance by using certified security
products.
The Control Compliance Suite, the
enterprise IT governance, risk and compliance (GRC) solution,
provides compliance and risk management solution that enables
security leaders to communicate IT risk in relevant terms, prioritize
remediation efforts based on business criticality, and automate
time-consuming manual assessment processes to improve their
organization’s security and compliance posture while reducing cost
and complexity.
Data Loss Prevention solution
delivers a solution to monitor, protect and manage confidential data
wherever it is stored or used. It allows organizations to reduce
their risk of a data breach, demonstrate regulatory compliance and
safeguard customer privacy, brand equity and intellectual property.
Symantec Endpoint Protection
solution provides antivirus, antispyware, firewall, and intrusion
prevention and device and application control.
"With
the increasing amount of data that exists in IT environments, it is
essential that protections are in place to guard against intrusions
from unauthorized users,"
said John Bordwine, CTO of Symantec’s Public Sector organization.
"These
certifications provide assurance that organizations like banks,
telecommunications, and health companies that handle personal data
are using technologies that uphold the standard of protecting
critical personal data."
Symantec
is committed to providing IT security products with significant value
to private and public sector customers. As part of that program, they
are continuously improving internal development efforts and business
processes to ensure that it meets requirements from Common Criteria,
Federal Information Processing Standard (FIPS), CEGS/CAPS,
VPAT/Section 508, Security Technical Implementation Guide (STIG),
Security Content Automation Program (SCAP), Federal Service for
Technical and Export Control (FSTEK of Russia), and other local,
state, government, and worldwide requirements. Symantec also
maintains active participation in various government working groups
and policy development organizations.