Public Sector Certifications
Protecting the confidentiality of sensitive government information, preventing unauthorized access, and defending government networks against attacks remains a primary concern of government network security professionals today. Widespread remote access by mobile employees and the growing number of sophisticated cyber attacks are making the management of network security significantly more challenging.
A security certification is a third-party verification of a vendor’s security claims against defined security evaluation criteria. These certifications result in an independent measure of assurance, which increases government and military decision maker confidence in the security of a commercial security product. Securing government information systems is all about managing risk, and the use of certified or evaluated products helps reduce the number of unknowns when implementing a security infrastructure. Today, certifications are required or strongly desired by many government customers worldwide. Additionally, many commercial customers place high value on security certifications.
Common Criteria
According to the official Common Criteria site, “the Common Criteria defines a set of IT requirements of known validity which can be used in establishing security requirements for prospective products and systems.”
In more practical terms, the Common Criteria is a set of internationally recognized and accepted standards that allows vendors to make claims about the security functionality of their products and then demonstrate through third-party testing and verification that the products actually meet those claims. Potential customers can use Common Criteria certifications as a basis by which to evaluate the secure nature of IT products that they want to procure, without going through their own expensive and time-consuming security testing and qualifications. Today, more than 22 countries have adopted the Common Criteria certification.
Federal Information Processing Standards (FIPS)
The National Institute of Standards and Technology (NIST) developed FIPS to ensure the security of algorithms and cryptographic functions. These standards are used as a guideline for federal procurements and are recognized by the U.S., Canada, and increasingly, by other governments around the world such as the UK. In addition, FIPS is likely to be adopted in some parts by organizations and enterprises in the financial arena, as part of the American National Standards Institute (ANSI).
The FIPS 140-2 standard defines security requirements that must be met by a cryptographic module used in an IT security system that protects unclassified information. FIPS validation verifies the secure design and implementation of the crypto module in question. Areas analyzed and validated by FIPS 140-2 include cryptographic algorithms, key management, software security, physical security, basic design and documentation, etc.
Listing of Juniper Networks Certifications
The following link provides the list of certifications that have been awarded to Juniper.
