Avaya Virtual Service Platform Switches Achieve Common Criteria Certification

Avaya Only the Second Company in the World to Complete the Rigorous Network Device Collaborative Protection Profile (NDcPP) Security Requirements and Demonstrate the Highest Degree of Security Robustness


WASHINGTON, DC--(Marketwired - March 30, 2017) - Avaya, a global leader in mission critical, real-time communication applications of the world's most important operations, announced that its Avaya Virtual Services Platform 4000 series, 7000 series and 8000 series switches have successfully completed Common Criteria Certification and are now Protection Profile NDcPP compliant. Avaya is the second company to be evaluated and receive Common Criteria certification against the NDcPP v1.0.

Common Criteria serves as the basis for government-driven certification and evaluation for government security agencies of more than two dozen nations. Common Criteria permits comparability between the results of independent security through a common set of requirements for the security functionality of IT products and for assurance measures applied to these IT products during a security evaluation.

Specification, implementation and evaluation of a computer security product is conducted in a rigorous and repeatable manner at a level that is commensurate with the target environment for use. The evaluation process establishes a level of confidence that the security functionality of these IT products and the assurance measures applied to these IT products meet these requirements. The CC Certification ensures that the network device has demonstrated under test a level of high and consistent security standards.

The Avaya Virtual Service Platform (VSP 4000, VSP 7000, VSP 8000) implement the following security functions:

  • Cryptographic Support
  • Identification and Authentication
  • Security Management
  • Protection of the TOE Security Function (TSF)
  • Target of Evaluation (TOE) Access
  • Trusted Path/Channels

The successfully completed Common Criteria Evaluation and The Validation Report and Security Target have been posted on the NIAP Product Compliant List (PCL). These are also compliant to FIPS 140-2 with the National Institute of Standards and Technology (NIST) based on the embedded Mocana Cryptographic Suite B Module (Software Version: 6.4.1f) used in the products and found here.

Additional Quotes

"Common Criteria is a globally recognized product security standard and Network Device collaborative Protection Profile (NDcPP) is a tailored set of requirements targeted to ensure security of Network Devices. By being only the second company to have been evaluated against these criteria, Avaya has shown a high degree of security robustness for their VSP appliances. It has been a pleasure helping Avaya improve their products and successfully completing this evaluation."
- Ashit Vora, Co-Founder, Acumen Security

"The Common Criteria Certification adds global recognition to our Virtual Service Platform 4000 Series, 7000 Series and 8000 Series that has already met the stringent JITC (Joint Interoperability Test Command) testing for Information Assurance (IA) and Interoperability (IO) conformance. We are honored to have achieved this unprecedented level of global security certification."
- Mark Hankel, Security Architect, Avaya Government Solutions

About Avaya
Avaya enables the mission critical, real-time communication applications of the world's most important operations. As the global leader in delivering superior communications experiences, Avaya provides the most complete portfolio of software and services for contact center and unified communications with integrated, secure networking -- offered on premises, in the cloud, or a hybrid. Today's digital world requires some form of communications enablement, and no other company is better positioned to do this than Avaya. For more information, please visit www.avaya.com.

Certain statements contained in this press release are forward-looking statements. These statements may be identified by the use of forward-looking terminology such as "anticipate," "believe," "continue," "could," "estimate," "expect," "intend," "may," "might," "plan," "potential," "predict," "should" or "will" or other similar terminology. We have based these forward-looking statements on our current expectations, assumptions, estimates and projections. While we believe these expectations, assumptions, estimates and projections are reasonable, such forward-looking statements are only predictions and involve known and unknown risks and uncertainties, many of which are beyond our control. These and other important factors may cause our actual results, performance or achievements to differ materially from any future results, performance or achievements expressed or implied by these forward-looking statements. For a list and description of such risks and uncertainties, please refer to Avaya's filings with the SEC that are available at www.sec.gov. Avaya disclaims any intention or obligation to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise.

Follow Avaya on Twitter, Facebook, YouTube, LinkedIn and the Avaya Connected Blog.

Company ProfileAvaya