The Kaspersky Endpoint Security for Windows application – a core part of Kaspersky Endpoint Security for Business - has officially been certified for passing the Common Criteria for Information Technology Security Evaluation (CC), an international standard for computer security certifications. Recognized in many countries, the certificate illustrates the quality of the product, the code’s integrity and Kaspersky Lab’s expertise when it comes to protecting its customers.

With more than half (57%)* of all businesses assuming that their IT security will be compromised at some point, cybersecurity is continuing to be of profound importance for public and private sector organizations alike. It is therefore vital that businesses can get assurances about the best products to protect their critical data and systems. The CC certificate is globally recognized among government bodies, state organizations and ministries responsible for security among its signatories, thereby providing a valuable indicator of quality and consistency.

The Kaspersky Lab product is now certified to the EAL2+ Assurance Level, which is recognized by all signatory countries across the world. Certification was conducted by an independent Spanish evaluation laboratory and approved by the certification body of Spain. The Certification Report issued confirms the ability of Kaspersky Endpoint Security for Windows to provide reliable encryption of device data, including user and operation system data, along with antimalware and access control functionality.

Data encryption is especially relevant for businesses in regard to the upcoming GDPR regulation, which requires businesses to ensure transparent data processing principles and robust data protection. Kaspersky Lab Full Disk encryption, build on pot of FIPS 140-2 certified technologies, allows companies to enable enforced encryption of sensitive data, without depending on end users to make decisions about which items should be encrypted. All files on the hard drive are automatically encrypted and password protected – including temporary files, which often contain sensitive data.

The Common Criteria evaluation is a comprehensive process and includes defining the product’s security functionality, an examination of product development and architectural documentation, rigorous independent functional testing and vulnerability analysis by the accredited testing laboratory. Certification results are then examined by one of the certification bodies, and the certificate is then issued.

Common Criteria standard is maintained by multiple government bodies around the world such as the National Cyber Security Centre (UK), Centro Criptológico Nacional (Spain), Agence Nationale de la Sécurité des Systèmes d'Information (France), Bundesamt für Sicherheit in der Informationstechnik (Germany), The National Security Agency and the National Institute of Standards and Technology (US) and many others. Many governments use this as a requirement for the procurement of security products.

The current list of signatory nations, and more information about mutual recognition can be found on the Common Criteria Portal at https://commoncriteriaportal.org.

Certificate is available here: https://www.commoncriteriaportal.org/files/epfiles/2014-40-CCRA.pdf.