MarkLogic Server Earns Common Criteria Security Certification

MarkLogic Corporation has announced that MarkLogic Server has earned Common Criteria Certification from an unbiased independent evaluator. MarkLogic's XML server has been validated in accordance with the provisions of the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS) for IT Security, an IT security certification program.

“This time-intensive certification proves that MarkLogic Server has an extremely high degree of security, both in its design and implementation,” states Chris Biow, federal chief technology officer, MarkLogic. “Security-conscious customers, such as the U.S. federal government, are now requiring Common Criteria Certification as a determining factor in purchasing decisions. We are pleased to have achieved this level of certification as it assures our customers worldwide and across every industry that their trusted information is secure with MarkLogic Server.”

Common Criteria is an internationally recognized standard used by governments and other organizations to assess the security capabilities of technology products. Under the Common Criteria, products are evaluated according to strict standards for various features, such as security functionality and the handling of security vulnerabilities. Common Criteria gives customers more confidence in the security of technology products and helps lead to more informed decisions.

MarkLogic Server earned an EAL3 certification, which means the product was evaluated in design stage, with independent verification of the developer's testing results. This certification also evaluates the developer's checks for vulnerabilities, the development environmental controls, and the product's configuration management. MarkLogic Server is now officially validated as able to support six top CCEVS categorized security functions identified by the NIAP as: Security Audit, User Data Protection, Identification and Authentication, Security Management, Protection of the TSF Data, and TOE Access. For more information, go here.

The certification process includes detailed analysis of the design and implementation of MarkLogic Server, thorough documentation of the design and Quality Assurance (QA) processes, as well as thorough independent testing of the MarkLogic Sever security features.

MarkLogic is privately held with investors Sequoia Capital and Tenaya Capital. For more information, to download a trial version, or to read MarkLogic CEO Dave Kellogg’s blog, go here.