Citrix apps on Common criteria path

Two application delivery products from Citrix Systems have been accepted for Common Criteria Certification, a leading international security standard accepted by governments worldwide.

Common Criteria are a set of functional and assurance security requirements developed to provide a common international evaluation baseline for information technology products and systems. The Defense Department, international government entities and many global corporations require Common Criteria certification to ensure IT products have been independently verified to meet their security claims.

The Citrix products up for consideration include Citrix NetScaler, a Web application delivery system that integrates application acceleration, security and high-availability capabilities; and Citrix Access Gateway Enterprise Edition, the company's Secure Sockets Layer virtual private network solution for secure application access. Both products have been accepted for strict, independent evaluation for Common Criteria Certification Evaluation Assurance Level 2 (EAL2) verification from the certification body of the U.K. Information Technology Security Evaluation and Certification Scheme.

The Communications-Electronics Security Group will independently evaluate Citrix NetScaler and Access Gateway Enterprise Edition. Citrix expects to receive examination results by the end of the year.

If the products earn certification, users can be assured that Web applications delivered and protected by Citrix application networking solutions meet strict government requirements ' including the policies and recommendations of DOD Wireless Directive 8100 and Instruction 8500.2; Office of Management and Budget Memorandum M-04-04 (E-authentication Guidance for Federal Agencies), and National Institute of Standards and Technology Special Publication 800-63 (Electronic Authentication Guidance) ' for features such as security functionality, identity management and the handling of vulnerabilities, Citrix officials said.

Citrix Presentation Server 4.5, the company's flagship Windows application delivery system, received EAL-2 certification in July, while Citrix Password Manager, a single sign-on product, earned EAL-2 certification in August.

About the Author

Rutrell Yasin is is a freelance technology writer for GCN.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected