Certified Product: Symantec™ Data Loss Prevention 14.5

Symantec™ Data Loss Prevention 14.5 (hereafter referred to as the Target of Evaluation, or TOE) from Symantec Corporation, was the subject of a Common Criteria evaluation performed by the Common Criteria Evaluation Facility at EWA-Canada. The evaluation was completed in December 2016.

The evaluation of the TOE determined that this Information Technology (IT) product can be trusted, to EAL 2+ (ALC_FLR.2), to conform to the requirements of the associated security target.

The TOE is a data loss prevention product (DLP) used by organizations to safeguard sensitive data such as company information, customer data, and intellectual property. The

TOE provides this functionality through the discovery, monitoring, and protection of sensitive information on network resources within an organization’s IT infrastructure.

Sensitive data may include credit card numbers, names, addresses, identification numbers or any data a company deems proprietary. The TOE enables an organization to:

  • Discover stored data on network resources
  • Monitor how that data is being used
  • Protect the data from being leaked or stolen

The central component for a DLP implementation is the DLP Enforce Server, which provides a management interface for defining the policies that are enforced throughout the network. The Enforce Server works with one or more Detection servers to protect data and report on violations. Detection servers may be deployed on a single server or in a distributed architecture, depending upon the organization’s network requirements.

The scope of this evaluation is defined by the security target, which identifies assumptions made during the evaluation, the intended environment for the TOE, the IT security requirements to be met, and the level of confidence (evaluation assurance level) to which it is asserted that the TOE satisfies its IT security requirements.

Consumers are advised to carefully review the certification report to gain an understanding of the security functionality, the evaluated configuration, and the intended operating environment for the TOE.