Common Criteria is an international standard for computer security certification that verifies that a product meets independent security assurance requirements. It allows government agencies to purchase security products with confidence, based on a stringent Common Criteria certification process and rating.
For example, IT security products procured by the US Government for National Security Systems are required to have Common Criteria certification under the National Security Telecommunications and Information Systems Security Policy #11 (NSTISSP #11). The Department of Defense 8500 directive and instructions (8500.1 and 8500.2) both indicate that DoD systems should include only evaluated products. Many other countries and industries require Common Criteria certification to meet their standards.
Rapid7 InsightVM is Common Criteria certified for Evaluation Assurance Level 3 Augmented (EAL3+) from the Canadian Common Criteria Evaluation and Certification Scheme (CCS). Tested by the independent EWA-Canada laboratory as the Common Criteria Certification Evaluation Facility (CCEF), this Common Criteria certificate provides third-party validation for the security features of Rapid7 InsightVM. To date, InsightVM has achieved the highest assurance level of any vulnerability management solution worldwide.