News Archive

CERT Australia pushes on Network Security

The new computer emergency response team, CERT Australia, will expect internet service providers to be more active in cleaning up infected computers operating on their networks.


CA Spectrum Infrastructure Manager Earns Common Criteria Level 2 Certification

CA, announced that CA Spectrum® Infrastructure Manager has achieved international Common Criteria Evaluation Assurance Level 2 certification from the Communications Security Establishment Canada (CSEC) Canadian Common Criteria Scheme (CCCS).


Force10 Networks Receives Common Criteria Security Certification for its High-Performance Ethernet Switch/Router Products

Force10 Networks, Inc., the global technology leader that data center, service provider and enterprise customers rely on when the network is their business, today announced that its C-Series™, S-Series™ and E-Series® Ethernet switch/routers running FTOS (Force10 operating system) software version 7.8, received Common Criteria certification to the Evaluation Assurance Level 2 (EAL-2).


BlackBerry Enterprise Server Becomes First Mobile Platform to Achieve Common Criteria EAL4+ Certification

Waterloo, ON - Research In Motion (RIM) (NASDAQ:RIMM)(TSX:RIM) today announced that BlackBerry® Enterprise Server 5.0 has been awarded Common Criteria Evaluation Assurance Level 4+ (EAL4+) certification.


QNX Ships First Multi-Core RTOS to Achieve Common Criteria Security Certification

QNX Software Systems today announced that the QNX® Neutrino® RTOS Secure Kernel v6.4.0 has been certified to the stringent security requirements of the Common Criteria ISO/IEC 15408 Evaluation Assurance Level 4+ (EAL 4+).


Fortinet Earns Common Criteria EAL 4+ Certification for FortiOS 3.0 Firmware

Fortinet® - the pioneer and leading provider of unified threat management (UTM) solutions - today announced the company's FortiOS™ 3.0 firmware received certification for Common Criteria Evaluation Assurance Level 4 Augmented (EAL 4+).


Cyber Security New Arms Race: Safety Minister

Cyber security is the new world arms race, Public Safety Minister Peter Van Loan said Wednesday. Not a day goes by without someone trying to hack government computer systems and fighting it is a constant challenge ...


Proofpoint's Email Security and Data Loss Prevention Solution Earns Internationally Recognized Common Criteria Certification

Proofpoint, Inc., the leading provider of unified email security, archiving and data loss prevention solutions, today announced that the Proofpoint Protection Server® version 5 has completed evaluation for a Common Criteria EAL2+ certification under the Canadian Communications Security Establishment Canada's (CSEC) Common Criteria Evaluation and Certification Scheme (CCS).


PCI Security Standards Council Strengthens Payment Card Data Security

The PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (DSS), PCI PIN Entry Device (PED) Security Requirements and the Payment Application Data Security Standard (PA-DSS), today announces the addition of two new payment industry device types to the PED program to strengthen cardholder data security.


Cyber Crime Becoming #1 Crime in North America

Cyber crime is now the most significant challenge facing law enforcement organizations in Canada. The results of a nationwide Deloitte survey, commissioned by the Canadian Association of Police Boards (CAPB) to determine the magnitude and impact of cyber crime on
Canadians, has indicated that cyber crime is a much more serious threat than previously believed.


VMware Infrastructure Earns Security Certification for Stringent Government Standards through EWA-Canada

VMware, Inc., (NYSE: VMW), the global leader in virtualization solutions from the desktop to the datacenter, today announced that VMware Infrastructure 3, VMware ESX Server 3.0.2 and VMware VirtualCenter™ 2.0.2 have earned Common Criteria Evaluation Assurance Level 4 (EAL4+) certification under the Communications Security Establishment Canada (CSEC) Common Criteria Evaluation and Certification Scheme (CCS), following an extensive analysis and testing process.


Proofpoint's Email Security and Data Loss Prevention Solution Undergoes Rigorous Common Criteria Evaluation Process

Proofpoint, Inc., the leading provider of unified email security and data loss prevention solutions, today announced that the Proofpoint Protection Server(R) version 5 software is officially in evaluation for an EAL2+ certification under the Canadian Communications Security Establishment's (CSE) Common Criteria Evaluation and Certification Scheme (CCS). Common Criteria evaluation is mandated for commercial information security products purchased by governments worldwide, including the United States government. Proofpoint's decision to undergo Common Criteria evaluation further demonstrates the company's commitment to delivering the highest quality solutions to government organizations worldwide.


GlobalSCAPE achieves FIPS 140-2 validation through EWA-Canada

”Today, more than ever, there is an implicit concern about protecting and securing sensitive files,” said Erin Connor, lab director at EWA-Canada, the independent, third-party FIPS 140-2 testing lab that tested the GlobalSCAPE module for FIPS 140-2 validation. “With the validation of the cryptographic module in its Secure FTP Server solution, GlobalSCAPE has taken a significant step in ensuring its users that their files are safe and private. Throughout the process, GlobalSCAPE easily met all of the stringent requirements and testing to achieve FIPS 140-2 validation, resulting in a solution that not only adheres to the standard but offers the functionality and features needed to keep pace in today’s marketplace.”

GlobalSCAPE’s Secure FTP Server Cryptographic Module Achieves FIPS ...


1 Feb 2008 - EWA-Canada SCAP Test Lab Accreditation awarded by NIST & NVLAP: NIST lists SCAP-validated tools

EWA-Canada’s IT Security Evaluation & Test (ITSET) laboratory was the first lab accredited by the National Institute of Standards and Technology (NIST) and the National Voluntary Laboratory Accreditation Program (NVLAP) to perform Security Content Automation Protocol (SCAP) testing under the Information Security Automation Program.

The Information Security Automation Program (ISAP) is a U.S. government multi-agency initiative to enable automation and standardization of technical security operations. The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance). US Federal agencies must use certified tools to determine and verify that their systems are using the NIST – approved standard configuration(s). Vendor's tools that claim SCAP conformance can now be validated.

EWA-Canada’s ITSET lab is also an accredited Common Criteria Test Lab (CCTL, or CLEF – Commercial Lab Evaluation Facility) and a device certification agent for the Payment Card Industry (PCI) and the Interac® Association (Canada’s financial services network). The accreditation to perform SCAP testing expands our accreditation to perform FIPS 140 Cryptographic Module testing and FIPS 201 Personal Identity Verification (PIV) testing as a NVLAP Cryptographic and Security Testing lab. This new capability expands EWA-Canada’s commitment to offer its clients one-stop shopping for all of their IT Security certification and validation testing needs.


Telco Face Enormous challenges Building New IP Apps

The world's telephone companies and their suppliers gathered in Monte Carlo this spring for some high-stakes activity that had nothing to do with baccarat tables or roulette wheels. The focus of their high-level powwow was IP Multimedia Subsystem, or IMS, the technology that most big telcos had once identified as the industry-saving platform for creating more IP applications more quickly, enabling them to finally escape their dependence on a handful of commodity services.  


The eight most dangerous consumer technologies

In a recent survey of corporate users by Yankee Group Research, 86% of the 500 respondents said they had used at least one consumer technology in the workplace, for purposes related to both innovation and productivity. Unfortunately, this trend poses problems for IT organizations. For one thing, the use of these technologies increases the risk of security breaches. Moreover, users expect IT to support these devices and services, especially once they interact with applications in the corporate environment.


Five technologies most likely to make a splash in 2007

It seems like every month a new technology emerges with the potential to change everything. Technology writers and analysts get hyperexcited. Everyone starts patting one another on the back and hugging. And two years later, we're still talking about the promise of that technology, with little to show in the here and now.


Gartners Good, Bad and Ugly for 2007

The Good

By 2010, the average total cost of ownership of new PCs will decrease by 50%. The growing importance and focus on manageability, automation and reliability will help differentiate PCs in a market that is increasingly commoditized. Many of the manageability and support tools will be broadly available across multiple vendors. Vendors that can graduate from claims of mere "goodness" to concrete examples of cost savings will have an advantage.

The Bad

By the end of 2007, 75% of enterprises will be infected with undetected, financially motivated, targeted mal-ware. These attacks will evade traditional perimeter and host defenses. The threat environment is changing: Targeted attacks for financial gain are increasing, and automated mal-ware generation kits allow simple creation of thousands of variants quickly. But our security processes and technologies haven't kept up.

The Ugly

Through 2011, enterprises will waste $100 billion buying the wrong networking technologies and services. Enterprises are missing out on opportunities to build a network that would put them at a competitive advantage. Instead, they follow outdated design practices and collectively will waste at least $100 billion over the next five years.

Source: Gartner inc., 2006


Common Criteria

Due to fiscal constraints, beginning on October 1, 2006, for FY07, the NIAP CCEVS will only accept Medium and High Robustness PP compliant products in support of National Security customers.


New CCS Instruction # 2 In order to maintain a high quality evaluation and certification service the CCS will introduce an evaluation prioritization process on 31 January 2007.


BlackBerry Enterprise Server and BlackBerry Device Software Gain International Security Accreditation

Rome, Italy - Research In Motion (RIM) (NASDAQ:RIMM)(TSX:RIM) today announced that its BlackBerry® Enterprise Server and BlackBerry® device software have been awarded Common Criteria Evaluation Assurance Level 2 augmented (EAL 2+) validations. The certifications were awarded at the 8th International Common Criteria Conference in Rome and acknowledge the robust security features of the BlackBerry® Enterprise Solution.


GlobalSCAPE's Enterprise EFT Server and Secure Server Cryptographic Module on Track for FIPS Security Standards Certification

GlobalSCAPE (AMEX:GSB), a leading provider of products that allow companies to move, store and share files securely over the Internet, announced that the Cryptographic Module to be embedded in its Secure Server and flagship, enterprise-class EFT Server products, has satisfied Federal Information Processing Standards (FIPS) pre-validation requirements. The Cryptographic Module has been placed on the FIPS 140-2 pre-validation list and now awaits the final certification review. EWA Canada, contracted by GlobalSCAPE to perform the validation testing, submitted GlobalSCAPE's Cryptographic Module package and test report to NIST for review; certification is expected in Q1 2008.


Canada is not only moving to chip and PIN but also NFC.

RBC and Visa Canada are teaming up to be the first in Canada to pilot a mobile payment service that uses cell phones rather than traditional credit cards for making Visa purchases. The Ontario-based pilot is expected to be completed in 2008. As part of the pilot, mobile devices will be embedded with Near Field Communication (NFC) contactless chips.


Payment Card Industry

With Canada and Mexico rapidly moving towards EMV deployment, witness the world’s largest player in the credit card market, the United States, left out in the cold. Some say it’s not a matter of if, but when, the U.S. will implement EMV. One reason: once its northern and southern neighbors are EMV-complaint, crooks may find much easier pickings in the U.S.
- Secure ID News March 22 07


Study on Impact of RFID Use Released

The European Parliament's Scientific Technology Options Assessment group has published a study of RFID technology used daily in Europe, including credit cards, passports, and retail applications. The study covers the benefits of RFID technology and the potential for misuse of the data generated.



Source: Canada News wire (06/25) McDonald's Restaurants of Canada announced plans to accept two new payment options that will give its customers a convenient alternative to cash. McDonald's will begin installing MasterCard's PayPass readers and chip card terminals in some of its 1,400 restaurants across Canada as early as 2008. "We're excited about our plans to further enhance the customer experience through these new payment options," said Laurie Laykish, Senior Vice-President Marketing & Strategic Planning, McDonald's Restaurants of
Canada. "We are always listening to our customers and responding with new innovations to meet the needs of their on-the-go lifestyles, whether it be with drive-thru's, menu choices or, in this case, more convenient payment options." "We are pleased to be working with McDonald's to provide their customers with the tap and go convenience of MasterCard(R) PayPass(TM)," said Kevin Stanton, President of MasterCard Canada.

MasterCard Canada is a member of ACT Canada; please visit



(04/25) EDS announced it has been selected by the U.S. General Services Administration to provide identity management services to federal government civilian agencies. These services will allow agencies to comply with Homeland Security Presidential Directive 12 (HSPD-12), which calls for a mandatory government-wide standard for a secure common form of identification for all federal government employees and contractors. The single award GSA Federal Supply Schedule task order is worth $66 million and will run through September 2011 if all options are exercised. Under this contract, the EDS team will support GSA in issuing identity credentials to approximately 420,000 employees at 42 federal civilian agencies. EDS will provide a shared service solution for end-to-end managed services for core HSPD -12 system components.

EDS is a member of ACT Canada; please visit


The Biggest Threat from Cyber Warfare Lies in the Future!

By Stephen Fidler

Published: September 8 2007

The lights go out; the internet goes down. Banks close; cash machines fail. Radio and television stations stop broadcasting. Airports and railway stations bar their doors. City streets are jammed with traffic. After a long night of uncertainty, power and communications are still blacked out - in fact, they might not come back for months. People start to panic and, as looters emerge, police are unable to restore order. With savings out of reach, the only things of value are fuel, food and water.


International Common Criteria Conference in Rome

EWA-Canada made three (3) presentations at the International Common Criteria Conference in Rome. Topics included Developer Documentation - A Who to guide, Certification maintenance using assurance continuity EWA-Canada experience and Synergies of the Common Criteria with other standards.