Third Party Confirms
Integrity of VeriSign Technology Worldwide
Mountain View, CA, April 24, 2001 - VeriSign, Inc. (Nasdaq:
VRSN), the leading provider of Internet trust services, today announced
that it has been accredited with the highest Common Criteria rating
attained by public key infrastructure (PKI) providers. The Common Criteria
represents the outcome of a series of efforts by government organizations
from the United States, Canada, France, Germany, and the United Kingdom
among others to develop criteria for evaluation of information technology
(IT) security that are broadly useful within the international community.
VeriSign offers its end-to-end PKI managed services to the international
community through a network of 35 affiliates, whose customers worldwide
can be assured that their PKI deployment continues to meet the highest
standards.
"Because the Internet has no borders, it is
essential for vendors to observe international common standards, to
provide consistent services worldwide and to comply with various regional
criteria at the same time," said Roger Cochetti, senior vice president
and chief policy officer for VeriSign. "We have put incredible
efforts into building the carrier class, scalable, hardened infrastructure
that secures the wired and wireless Internet today, and we are very
pleased that it meets the rigorous requirements of the internationally
recognized Common Criteria."
The Common Criteria is an International Standards
Organization (ISO) recognized evaluation process, developed by a collaboration
of industry and government agencies like the National Security Agency
(NSA) in the U.S., and others around the world. VeriSign earned its
accreditation through the Australian Defense Signals Directorate, acting
on behalf of Australia within the Common Criteria member group of 14
nations.
Common Criteria attests that VeriSign IT products
and managed services have performed to Evaluation Assurance Level 4
(EAL4), a higher rating than any other PKI provider has earned. The
rating not only confirms VeriSign's product integrity, it meets governmental
and commercial requirements specific to certain regions allowing VeriSign
affiliates to bid for additional contracts. For example, VeriSign's
Australian affiliate eSign leveraged the Common Criteria rating and
has now achieved the first full commercial accreditation as both a Registration
Authority (RA) and a Certification Authority (CA) under Australia's
Federal Government Gatekeeper strategy for public key technology use
in government.
"We are now fully accredited to provide all
grades and types of Gatekeeper digital certificates which can be used
across multiple agencies," said Gregg Rowley, managing director
for eSign Australia Limited. "Government agencies and organizations
now have a one-stop-shop to provide their PKI requirements to deal with
government online. As an accredited RA and CA, eSign will be able to
manage PKI solutions based on customers' individual requirements with
minimum effort and cost."
The Common Criteria rating provides a means to measure
products by an internationally agreed upon method of evaluation and
to increase the availability of evaluated, security-enhanced IT products.
Functionalities measured during the Common Criteria review of VeriSign's
processing center product include cryptographic support, communications,
user data protection, identification and authentification, security
management and privacy, among others. For more information about Common
Criteria, see http://www.commoncriteria.org/.
In addition to the Common Criteria EAL4 certification
of the VeriSign Processing Center platform, for the fourth year in a
row, VeriSign has also completed a successful AICPA SAS-70 Type II audit,
verifying the internal policies and procedures against its widely recognized
Certification Practices Statement (CPS). For the first time, VeriSign
has also been successfully audited against the WebTrust program for
Certification Authorities, an independent program aimed at auditing
controls and procedures unique to Certification Authorities. VeriSign
continues to pursue these efforts to provide our customers with the
highest quality of trusted infrastructure services.
For more information about the AICPA and the SAS-70
audit, see http://www.aicpa.org.
For more information about the WebTrust program for Certification Authorities,
see http://www.cpawebtrust.org/CertAuth_fin.htm.
About VeriSign
VeriSign, Inc. (Nasdaq:VRSN) is the leading provider of trusted infrastructure
services to Web sites, enterprises, electronic commerce service providers
and individuals. The Company's domain name, digital certificate and
payment services provide the critical web identity, authentication and
transaction infrastructure that online businesses require to conduct
secure e-commerce and communications. VeriSign's services are available
through its Web site (www.verisign.com)
or through its direct sales force and reseller partners around the world.
Statements in this announcement other than
historical data and information constitute forward-looking statements
within the meaning of Section 27A of the Securities Act of 1933 and
Section 21E of the Securities Exchange Act of 1934. These statements
involve risks and uncertainties that could cause VeriSign's actual results
to differ materially from those stated or implied by such forward-looking
statements. The potential risks and uncertainties include, among others,
VeriSign's limited operating history under its current business structure,
uncertainty of future revenue and profitability and potential fluctuations
in quarterly operating results, increased competition, risks associated
with the company's international business and risks related to potential
security breaches. More information about potential factors that could
affect the company's business and financial results is included in VeriSign's
filings with the Securities and Exchange Commission, especially in the
company's Annual Report on Form 10-K for the year ended December 31,
2000. VeriSign undertakes no obligation to update any of the forward-looking
statements after the date of this press release.
VeriSign is a registered trademark of VeriSign,
Inc. Other names may be trademarks of their respective owners.
Worldwide Sites
