VeriSign Introduces the VeriSign® Security
Certification Program To Help Enterprises Meet Strict Regulatory and
Business Security Compliance Requirements
Latest Addition to VeriSign Compliance Solutions Leverages Company
Expertise and Experience to Help Enterprises Assess and Certify Their
Security Programs
WASHINGTON, DC. – Gartner IT Security Summit 2005 – June 6, 2005
– VeriSign, Inc., (Nasdaq: VRSN), the leading provider of intelligent
infrastructure services for the Internet and telecommunications networks,
today introduced the VeriSign® Security Certification Program.
The program is designed to both assess an enterprise’s information security
program and certify it meets VeriSign’s requirements, which are based
on best practices drawn largely from a variety of international regulatory
and industry compliance requirements. The certification can also
be performed at a business unit, infrastructure or application level.
With more businesses opening their networks to customers,
partners, suppliers and remote employees, the potential for theft of
sensitive information is increasing. As a result, many governments
and industry associations are enacting legislation and requirements
that compel enterprises to secure their networks and maintain the integrity
of stored information. Key compliance standards and regulatory
drivers include: Sarbanes-Oxley, Health Information Portability
and Accountability Act (HIPAA), Gramm-Leach-Bliley (GLBA), British Standard
7799/ISO 17799 for Information Security and the Payment Card Industry
(PCI) Data Security Standards. Failure of an enterprise to meet
these requirements can result in increased audits, penalties, transaction
costs and lower revenues.
Through the VeriSign Security Certification Program,
VeriSign’s Global Security Consulting team utilizes the experience gained
from the hundreds of compliance audits it performs annually. By
implementing a single-service approach to assess the integrity of a
network environment, enterprises can keep pace with these standards
and regulatory requirements. Certification by VeriSign provides
a vehicle for companies to communicate to third parties that their information
security program follows best practices. Additionally, given that
those best practices are based largely on regulatory and industry compliance
requirements, the assessment data can be used during the performance
of other audits to reduce cost and complexity. The program consists
of two parts:
- Assessment: Enterprises undergo
detailed assessments of their business, network and data flows, performed
through document reviews, interviews and technical analysis. The
assessment includes a comprehensive report of the findings, a gap analysis
for activities required to meet certification, and a standalone database
that allows granular access to the results.
- Certification: Enterprises
are certified for one year upon achieving compliance with the program,
renewable annually. Deliverables include a one-page certification
letter, indicating that their program complies with VeriSign’s standards
for best practices, that can be shared with regulators, business partners,
industry associates and other third parties, and access to certification
documents to generate reports detailing the assessment data associated
with each regulatory and industry standard.
The program is one of a range of VeriSign services
that help customers address compliance issues. Another critical
component of any security program is the presence of on-going management
and monitoring of security activities that can be performed by an enterprise,
or managed externally. To help with these efforts, VeriSign has
a comprehensive suite of compliance-related services. In addition
to the VeriSign Security Certification Program, the VeriSign Compliance
Solutions include:
- VeriSign Host Log Monitoring Service: Performs the detailed
work associated with monitoring device logs, alerting enterprises to
potential security breaches and storing them for as long as an enterprise
requires – a key component of many regulations.
- VeriSign Managed Firewall/IDS/IPS Services: Manages and
monitors industry-leading firewalls, intrusion detection and intrusion
prevention platforms that utilize VeriSign’s intelligence to flag only
events that require immediate action. Sarbanes-Oxley, HIPAA and
PCI all require the ability to detect and respond to potential intrusions.
- VeriSign Managed Vulnerability Protection: Provides cost-effective
vulnerability assessment and management services for enterprises.
Sarbanes-Oxley, HIPAA, GLBA and several financial institutions require
regular assessments for technical vulnerabilities in network devices.
- VeriSign Email Security Service: Provides anti-virus,
spam, and content filtering capabilities. Anti-virus protection
and electronic communications transparency are requirements of many
regulations and specific mandates from the Securities Exchange Commission
(SEC), National Association of Securities Dealers (NASD) and U.S. Department
of Health and Human Services (HHS).
“In order for businesses to truly be successful in
today’s digital economy, their networks must be opened to a variety
of different organizations. The introduction of compliance standards
and legislation now requires enterprises to vouch not only for the integrity
of their own network, but for the integrity of the networks with which
they do business,” said Judy Lin, executive vice president and general
manager, VeriSign Security Services. “The VeriSign Security Certification
Program can help enterprises reduce the cost and complexity of multiple
audits through one assessment that includes best practices gleaned from
a variety of sources.”
For more information on the VeriSign Security Certification
Program and the rest of the VeriSign Compliance Solutions, please go
to: www.verisign.com/dm/security-certification-program
About VeriSign
VeriSign, Inc. (Nasdaq: VRSN) operates intelligent infrastructure services
that enable businesses and individuals to find, connect, secure and
transact across today’s complex global networks. Additional news and
information about the company is available at http://www.verisign.com/
For more information, contact:
VeriSign Media Relations: Brendan Lewis, brlewis@verisign.com,
650-426-4470
VeriSign Investor Relations: Tom McCallum, tmccallum@verisign.com,
650-426-3744
Statements in this announcement other than historical
data and information constitute forward-looking statements within the
meaning of Section 27A of the Securities Act of 1933 and Section 21E
of the Securities Exchange Act of 1934. These statements involve risks
and uncertainties that could cause VeriSign's actual results to differ
materially from those stated or implied by such forward-looking statements.
The potential risks and uncertainties include, among others, the uncertainty
of future revenue and profitability, potential fluctuations in quarterly
operating results, and increased competition and pricing pressures.
More information about potential factors that could affect the company's
business and financial results is included in VeriSign's filings with
the Securities and Exchange Commission, including in the company's Annual
Report on Form 10-K for the year ended December 31, 2004 and quarterly
reports on Form 10-Q. VeriSign undertakes no obligation to update any
of the forward-looking statements after the date of this press release.
# # #