VeriSign First PKI Provider to Earn Internationally Recognized Common Criteria EAL4 Accreditation from VeriSign, Inc.

back

VeriSign First PKI Provider to Earn Internationally Recognized Common Criteria EAL4 Accreditation

Third Party Confirms Integrity of VeriSign Technology Worldwide

Mountain View, CA, April 24, 2001 - VeriSign, Inc. (Nasdaq: VRSN), the leading provider of Internet trust services, today announced that it has been accredited with the highest Common Criteria rating attained by public key infrastructure (PKI) providers. The Common Criteria represents the outcome of a series of efforts by government organizations from the United States, Canada, France, Germany, and the United Kingdom among others to develop criteria for evaluation of information technology (IT) security that are broadly useful within the international community. VeriSign offers its end-to-end PKI managed services to the international community through a network of 35 affiliates, whose customers worldwide can be assured that their PKI deployment continues to meet the highest standards.

"Because the Internet has no borders, it is essential for vendors to observe international common standards, to provide consistent services worldwide and to comply with various regional criteria at the same time," said Roger Cochetti, senior vice president and chief policy officer for VeriSign. "We have put incredible efforts into building the carrier class, scalable, hardened infrastructure that secures the wired and wireless Internet today, and we are very pleased that it meets the rigorous requirements of the internationally recognized Common Criteria."

The Common Criteria is an International Standards Organization (ISO) recognized evaluation process, developed by a collaboration of industry and government agencies like the National Security Agency (NSA) in the U.S., and others around the world. VeriSign earned its accreditation through the Australian Defense Signals Directorate, acting on behalf of Australia within the Common Criteria member group of 14 nations.

Common Criteria attests that VeriSign IT products and managed services have performed to Evaluation Assurance Level 4 (EAL4), a higher rating than any other PKI provider has earned. The rating not only confirms VeriSign's product integrity, it meets governmental and commercial requirements specific to certain regions allowing VeriSign affiliates to bid for additional contracts. For example, VeriSign's Australian affiliate eSign leveraged the Common Criteria rating and has now achieved the first full commercial accreditation as both a Registration Authority (RA) and a Certification Authority (CA) under Australia's Federal Government Gatekeeper strategy for public key technology use in government.

"We are now fully accredited to provide all grades and types of Gatekeeper digital certificates which can be used across multiple agencies," said Gregg Rowley, managing director for eSign Australia Limited. "Government agencies and organizations now have a one-stop-shop to provide their PKI requirements to deal with government online. As an accredited RA and CA, eSign will be able to manage PKI solutions based on customers' individual requirements with minimum effort and cost."

The Common Criteria rating provides a means to measure products by an internationally agreed upon method of evaluation and to increase the availability of evaluated, security-enhanced IT products. Functionalities measured during the Common Criteria review of VeriSign's processing center product include cryptographic support, communications, user data protection, identification and authentification, security management and privacy, among others. For more information about Common Criteria, see http://www.commoncriteria.org/.

In addition to the Common Criteria EAL4 certification of the VeriSign Processing Center platform, for the fourth year in a row, VeriSign has also completed a successful AICPA SAS-70 Type II audit, verifying the internal policies and procedures against its widely recognized Certification Practices Statement (CPS). For the first time, VeriSign has also been successfully audited against the WebTrust program for Certification Authorities, an independent program aimed at auditing controls and procedures unique to Certification Authorities. VeriSign continues to pursue these efforts to provide our customers with the highest quality of trusted infrastructure services.

For more information about the AICPA and the SAS-70 audit, see http://www.aicpa.org
For more information about the WebTrust program for Certification Authorities, see http://www.cpawebtrust.org/CertAuth_fin.htm.

About VeriSign 
VeriSign, Inc. (Nasdaq:VRSN) is the leading provider of trusted infrastructure services to Web sites, enterprises, electronic commerce service providers and individuals. The Company's domain name, digital certificate and payment services provide the critical web identity, authentication and transaction infrastructure that online businesses require to conduct secure e-commerce and communications. VeriSign's services are available through its Web site (www.verisign.com) or through its direct sales force and reseller partners around the world.

Statements in this announcement other than historical data and information constitute forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. These statements involve risks and uncertainties that could cause VeriSign's actual results to differ materially from those stated or implied by such forward-looking statements. The potential risks and uncertainties include, among others, VeriSign's limited operating history under its current business structure, uncertainty of future revenue and profitability and potential fluctuations in quarterly operating results, increased competition, risks associated with the company's international business and risks related to potential security breaches. More information about potential factors that could affect the company's business and financial results is included in VeriSign's filings with the Securities and Exchange Commission, especially in the company's Annual Report on Form 10-K for the year ended December 31, 2000. VeriSign undertakes no obligation to update any of the forward-looking statements after the date of this press release.

VeriSign is a registered trademark of VeriSign, Inc. Other names may be trademarks of their respective owners.