Software Security Certifications: A Primer and Update

Security is becoming increasingly critical as the world becomes more digital and interconnected. Security is paramount at Veeam Software. We understand the importance of maintaining the highest level of security to protect our customers’ information. We are pleased to announce that we are undergoing Common Criteria certification, DoDIN APL certification, CMMC v2 and Independent Verification & Validation (IV&V) to enhance our products’ security measures.

What Is Common Criteria Certification?

Common Criteria is an internationally recognized standard for evaluating the security of information technology products. It involves rigorous testing and evaluation to ensure our products meet specific security standards. Common Criteria certification is recognized by over 30 countries worldwide, making it a highly sought-after certification for companies that do business globally.

What Is DoDIN APL?

The Department of Defense Information Network (DoDIN) Approved Products List (APL) is a list of products that have been evaluated and approved for use in the DoDIN. The DoDIN APL is managed by the Defense Information Systems Agency (DISA) and is used by the Department of Defense (DoD) to ensure that products meet strict security requirements.

What Is CMMC v2?

The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for assessing the cybersecurity posture of the defense industrial base (DIB). The CMMC v2 is the latest version of the standard, and it provides a comprehensive framework for measuring a company’s security capabilities and processes.

What is Independent Verification & Validation (IV&V)?

Independent Verification & Validation (IV&V) is a process that verifies and validates the performance, functionality and security of software applications. The IV&V process involves a third-party organization that is independent of the development team to perform testing and evaluation of the software.

What Is the SSDF?

The Secure Software Development Framework (SSDF) is a comprehensive framework for developing secure systems and software. The framework provides guidance on how to design, develop and test software to ensure that it meets specific security standards.

Why Are These Certifications Important?

Certifications are critical because they demonstrate a company’s commitment to security and provide assurance to customers that products meet specific security standards. Certifications also help companies comply with regulatory requirements and industry standards, which is essential for companies that deal with sensitive data.

For Veeam Software, these certifications are vital because our customers rely on us for data backup and recovery. We build the highest levels of security into our product development standards to protect our clients' business information and that of their customers. By achieving these certifications, Veeam demonstrates that we take security seriously and continuously strive to improve our products' security.

What Is FIPS 140-2?

The Federal Information Processing Standards (FIPS) Publication 140-2 is a U.S. government standard that specifies the security requirements for cryptographic modules used in electronic devices. The standard defines four levels of security, with Level 4 being the highest. FIPS 140-2 Level 2 certification requires that the module undergo physical security testing to ensure that it can resist attacks.

What Is SOC 2, Type 1?

SOC 2, Type 1 is a type of report that evaluates a company’s information systems security, availability, processing integrity, confidentiality and privacy. The report is based on the American Institute of Certified Public Accountants (AICPA) Trust Services Criteria and is conducted by an independent third-party auditor.

What Is ISO 27001?

ISO 27001 is an international standard that specifies the requirements for an information security management system (ISMS). The standard provides a systematic approach to managing sensitive information so that it remains secure. ISO 27001 certification involves a comprehensive review of a company’s security policies, procedures and controls.

Why Did We Pursue These Certifications?

At Veeam Software, we understand that our customers’ trust is critical and take security seriously. Pursuing these certifications was a natural step for us to demonstrate our commitment to security and ensure we meet the highest standards possible.

We have completed FIPS 140-2, SOC 2 Type 1 and ISO 27001 certifications to reinforce our commitment to security. In addition, we are implementing the Secure Software Development Framework (SSDF) to enhance our software development practices to ensure that our products meet the highest security standards.

We understand that security is an ongoing process, and we are continuously evaluating and improving our security measures to ensure that we meet the evolving security needs of our customers. We are committed to maintaining the highest levels of security and providing our customers with the peace of mind that comes with knowing their data is secure.

Veeam is proud to be undergoing Common Criteria certification, DoDIN APL, CMMC v2 and Independent Verification & Validation (IV&V) to enhance security measures. These are only a few of the certifications Veeam is pursuing. Veeam is committed to security and our customers, and we will continue to evaluate and improve our security measures to provide the highest level of security possible.
