On Wednesday, February 16, 2011, during a reception at the RSA Conference in San Francisco, SAP received the Common Criteria Certification for SAP NetWeaver Application Server Java presented by Michael Hange, president of German certification authority BSI (Federal Office for Information Security). The Common Criteria are internationally accepted standards for secure information technology. It allows IT users to compare and benchmark software and applications. The certificate also sends a clear signal that a vendor’s software lives up to its security claims and has been verified by a standardized evaluation process.
SAP received a level 4+ Common Criteria Certification for SAP NetWeaver Application Server 7.02 Java, support package 3. An additional certification for the related ABAP server is expected to be finalized later this year. During the evaluation process, the auditors not only checked the application’s security features and functions but also the security of the development life cycle and processes. The Common Criteria Certification attests that SAP meets ambitious security requirements in various “disciplines”, including software architecture, guidance documents for customers, processes related to the software production, security target evaluation and testing methodologies. SAP software has also successfully passed a comprehensive vulnerability assessment.
More details on the Common Criteria Certification and the certification report in full are available on SAP Service Marketplace at https://service.sap.com/commoncriteria and in the SAP Insider article “Secure Solutions, Peace of Mind – Guaranteed“.