Amplify Platform Digital Security

Axway’s commitment to security: achieving Common Criteria EAL4+ certification for API Gateway

Axway's commitment to security: achieving Common Criteria EAL4+ certification for API Gateway

A French version of this article is provided here. Retrouvez une version française ici.

I am proud to share that our Axway API Gateway has earned Common Criteria – Evaluation Assurance Level 4 augmented or plus (CC EAL4+) certification, demonstrating our ability to meet the most demanding security requirements. This achievement signifies the dedication and hard work of our team in ensuring that our product is designed, tested, verified, and shipped securely.

So what exactly is Common Criteria EAL4+ certification, and why does this matter to our customers?

What is Common Criteria verification?

Common Criteria is a global standard to evaluate the security features and capabilities of IT products.  The testing is conducted by an independent testing agency, and Common Criteria certification is recognized by Governments around the world as the standard for validating security claims of products before purchase.

Achieving Common Criteria certification marks the ability to meet or exceed the security requirements of all the nations who are members of the Common Criteria Recognition Agreement (CCRA). It provides the criteria for independent, scalable, and globally recognized security inspections for IT products.

Evaluation Assurance Level 4 augmented or plus (CC EAL4+) certification, specifically, has requirements beyond those of the standard EAL4 evaluation. Notably, it requires that the solution be designed with advanced security mechanisms that are specifically tailored to the product or system being evaluated.

EAL4+ is the highest security level for an API management solution.

Why is Common Criteria EAL4+ certification valuable?

Common Criteria can be a prerequisite for industries that typically have high security requirements and operate in environments where the consequences of a security breach could be severe. This includes defense & space systems, energy networks, financial trading networks, healthcare organizations, and communications networks, all of which operate under strict compliance requirements.

Even for organizations outside of critical sectors, a security breach or data leak is obviously costly and can cause reputational damage far beyond the initial incident. Common Criteria certification provides assurance that a product has been designed and tested to meet rigorous security standards.

Because Common Criteria certification is globally recognized, customers can more easily compare and evaluate security claims across different products and vendors. And an objective and independent certification process frees the evaluation from any bias or influence.

Axway API Gateway’s Common Criteria EAL4+ Certification

Axway’s achievement of CC EAL4+ certification for API Gateway represents another milestone in our commitment to the ongoing security of our leading Amplify Platform.

Common Criteria certification is a long and extremely intense process: testing includes searches for vulnerabilities, identification of developer controls, tools, life-cycle model, and automated configuration management.

The evaluation process even looks at how we build our software solutions and ensures there’s an established process for dealing with security breaches.

CC EAL4+ certification for our API Gateway gives customers a high level of trust in how the solution has been designed, tested, built, and shipped.

Find Axway’s CC EAL4+ certification documents here (in French).

What this means for Axway customers

Security has always been in our DNA. This additional level of Common Criteria certification is one more assurance that we continue to build security into the fabric of our solutions. Peace of mind with regards to mission-critical solutions is especially important as hackers increasingly target APIs to gain access to sensitive data.

We also know that security is more than technology: it requires companies to take a broader view of people, processes, and system design. This is why, beyond arming enterprises with secure and compliant solutions, Axway’s experts provide the guidance needed to build security into every step of their API journey.

By achieving this certification, Axway demonstrates its commitment to providing secure solutions that meet the highest security requirements. And this commitment is how we’ve already helped enterprises around the world enrich their customer experience, accelerate innovation, and simplify data security and governance with our Amplify Platform.

Don’t let security fears be a roadblock to publishing APIs: with a solution you can trust and the right security strategy, you’ll bring new digital products to market faster than before and drive continued growth.

Download this checklist today for 6 ways to achieve smarter, more secure API management.

Key Takeaways

  • Axway's API Gateway has achieved Common Criteria Evaluation Assurance Level 4 augmented or plus (CC EAL4+) certification.
  • CC EAL4+ is a globally recognized security standard for IT products, used by governments and industries with high security requirements.
  • This certification marks Axway's commitment to providing secure solutions that meet the highest security requirements, enabling customers to enrich their customer experience and accelerate innovation.