Press Releases

Versa Networks Achieves Common Criteria EAL4+ Certification Further Validating the Security and Controls of its SASE and Secure SD-WAN Operating System

Versa Operating System (VOS) Independently Certified to Meet Stringent EAL4+ Security Requirements Used in High-Assurance Deployments
Santa Clara, Calif., – December 11, 2023

Versa Networks, the global leader in AI/ML-powered Unified Secure Access Service Edge (SASE) and Software Defined WAN (SD-WAN), today announced it has completed the stringent Common Criteria (CC) Certification process against the EAL4+ baseline for its Versa Operating System (VOS)™, which is the foundation for the Versa Unified SASE and Versa Secure SD-WAN solutions.

The internationally recognized Common Criteria cybersecurity certification framework is used to evaluate the security readiness of technology products for critical infrastructure, such as energy grids, financial trading networks, and communication networks. This is another important milestone which highlights Versa Networks’ continued commitment to providing the highest level of security assurance to customers facing heightened cybersecurity concerns.

“As a former Common Criteria consultant, evaluator and lab director, I can attest to the difficulties of completing high-assurance evaluations against EAL4+ requirements,” said Ken Lasoski, Director of Federal Compliance at Versa Networks. “Evaluations of this nature and complexity have been known to span more than a year and consume countless resources, and success is never a guarantee. Versa Networks is proud to have achieved this incredibly important milestone in our security and compliance journey in short order.”

What is the Common Criteria security assurance framework?

The Common Criteria for Information Technology Security Evaluation (ISO 15408, or “CC”) is an international standard and framework for cybersecurity testing and certification of commercial off-the-shelf (COTS) products. EAL4+ (Evaluation Assurance Level 4 – augmented) is the highest level of security assurance that is mutually recognized among EU nations that are part of the European SOGIS-Mutual Recognition Agreement. SOGIS-MRA became effective in April 2010 and provides mutual recognition of certificates based on the Common Criteria (CC) Evaluation Assurance Level up to and including EAL4 for all IT products. The broader Common Criteria Recognition Arrangement (CCRA) provides certification reciprocity up to EAL2 between the 31 countries that have adopted the CC, including U.S., Canada, Germany, France, U.K., Spain, Italy, Norway, Sweden, India, Israel, Turkey, Australia, New Zealand, Japan, Singapore, Malaysia, and South Korea.

CC EAL4+ certification provides high assurance of a product’s security functionality and hardening through independent third-party assessment by an accredited laboratory. This covers a broad range of security functions including auditing, access control, encryption, identification and authentication, secure administration, tamper resistance, and trusted communication paths. In addition, it involves a comprehensive audit of a product’s design and source code, development lifecycle security controls and practices, release management process, QA, and vulnerability management procedures.

For more information, see below for the Versa Networks CC EAL4+ certification materials:

Other Versa Security Certifications

Versa continues to invest in certifications that are significant for enterprises, governments and service providers responsible for critical infrastructure who must ensure the highest levels of security and performance for their organizations. Other major certifications achieved by Versa Networks include:

  • FIPS 140-2 issued by NIST – complete end-to-end security with FIPS validated cryptography for the entire solution. FIPS 140-2 is typically required to complete CC EAL4+.
  • ISO/IEC 27000-1 Certified – signifies that an organization has implemented and maintains an Information Security Management System (ISMS) in accordance with the requirements of the ISO/IEC 27001 standard.
  • SOC 2 Type 2 – signifies that a service organization has undergone a comprehensive audit of its internal controls related to security, availability, processing integrity, confidentiality, and privacy, conducted by an independent third-party auditing firm.
  • PCI DSS Compliance – Versa solutions have demonstrated compliance with the Payment Card Industry Data Security Standard (PCI DSS), which is essential for organizations handling credit card and payment data.
  • HIPAA Compliance – signifies that an organization or entity subject to the Health Insurance Portability and Accountability Act (HIPAA) has implemented the necessary safeguards and measures to protect the privacy and security of individuals’ protected health information (PHI).
About Versa Unified SASE

Versa’s AI/ML-powered single-vendor Unified SASE delivers organically developed best-of-breed functions that tightly integrate and deliver services via the cloud, on-premises, or as a blended combination of both, managed through a single pane of glass. Versa delivers SASE services such as Secure SD-WAN, Next-Generation Firewall, Next-Generation Firewall as a Service, Cloud Network Firewall, Unified Threat Management (UTM) including Advanced Threat Protection (ATP), Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Remote Browser Isolation (RBI), and User and Entity Behavior Analytics (UEBA). Versa’s single-vendor Unified SASE platform goes above and beyond management console automation by providing the ability to integrate networks, points of presence, policy definitions, application definitions, agent logic, and data lakes.

About Versa Networks

Versa Networks, the leader in single-vendor Unified SASE platforms, delivers AI/ML-powered SSE and SD-WAN solutions. The platform provides networking and security with true multitenancy, and sophisticated analytics via the cloud, on-premises, or as a blended combination of both to meet SASE requirements for small to extremely large enterprises and Service Providers. Thousands of customers globally with hundreds of thousands of sites and millions of users trust Versa with their mission critical networks and security. Versa Networks is privately held and funded by Sequoia Capital, Mayfield, Artis Ventures, Verizon Ventures, Comcast Ventures, BlackRock Inc., Liberty Global Ventures, Princeville Capital, RPS Ventures and Triangle Peak Partners. For more information, visit https://www.versa-networks.com or follow Versa Networks on Twitter @versanetworks.

Press Contact
Dan Spalding

dspalding@versa-networks.com
(408) 960-9297

Versa Networks, VOS, and Versa Titan are or may be registered trademarks of Versa Networks, Inc. All other marks and names mentioned herein may be trademarks of their respective companies.