Common Criteria (EAL4) support
The National Institute of Standards and Technology (NIST) has developed Common Criteria to ensure you have a safe option for downloading software to use on your systems. Information held by IT products or systems is a critical resource that enables organizations to succeed in their mission. Additionally, individuals have a reasonable expectation that their personal information contained in IT products or systems remain private, be available to them as needed, and not be subject to unauthorized modification. IT products or systems should perform their functions while exercising proper control of the information to ensure it is protected against hazards such as unwanted or unwarranted dissemination, alteration, or loss. The term IT security is used to cover prevention and mitigation of these and similar hazards.
WebSphere® Application Server Version 7.0.0.19 was
certified at the Common Criteria EAL4 level, the highest level of any commercially available
application server. WebSphere Application Server Version
8 and 8.5 was designed to meet or exceed the security capabilities of WebSphere Application Server Version 7.0.0.19, including the EAL4
requirements. The US CCEVS is no longer certifying software products as Common Criteria EAL
compliant because they are moving to a new security standard referred to as Protection
Profiles
. A Protection Profile for Java™ EE is not
available at this time.