NIAP Evaluates Marimba's Products for Common Criteria Validation

11/4/2003 - Marimba, Inc. (Nasdaq: MRBA) announced that its Client Management and Server Management product lines are "in evaluation" under the National Information Assurance Partnership (NIAP) Common Criteria evaluation and validation scheme (CCEVS). The NIAP CCEVS is a joint program of the National Security Agency (NSA) and the National Institute of Standards and Technology (NIST). Marimba is the only software change management vendor to enter into NIAP evaluation. The evaluation is being conducted by SAIC in one of its independent testing laboratories that is accredited to the requirements of the ISO/IEC 15408 Common Criteria Standard for IT Security Evaluation.

NIAP is a U.S. government initiative that establishes a framework for accredited testing laboratories to undertake security testing, evaluation and assessment of information technology (IT) products and systems. The goal of NIAP is to help increase the level of trust consumers have in IT products and systems by providing standardized common security criteria and requirements to independently evaluate them. The U.S. government has established a security policy, National Security Telecommunications and Information Systems Security Policy (NSTISSP) No. 11, which took effect on July 1, 2002, which incorporates the Common Criteria validation process and generally requires federal agencies and others using IT products or systems that enter, store, process, display or transmit national security information to procure only independently validated products or systems, or ones that are "in evaluation" to the extent that alternative products or systems have yet to be validated. The only Common Criteria validation programs sanctioned by the U.S. government under NSTISSP No. 11 are the NIAP validation program, the NIST Federal Information Processing Standards (FIPS) validation program and the International Common Criteria for Information Security Technology Evaluation Mutual Recognition Arrangement.

"As the first software change management vendor to be in evaluation under NIAP, Marimba is setting the standard for validating security functionality in the areas of change management, software distribution, inventory management, and patch management," said Rich Wyckoff, Marimba's president and CEO. "In doing so, we have been able to leverage our experience and expertise from years of selling our products to a number of security-sensitive business sectors, such as financial services, government, healthcare and others."

Many federal agencies, such as the Department of Defense, NASA and the U.S. Agency for International Development (USAID), are using Marimba's software change management offerings to manage their software distribution, OS migration, server management, and security patch management activities. Federal agencies are able to leverage Marimba's technology to manage and distribute software to virtually any endpoint in their networked enterprise. In addition to software distribution capabilities, Marimba provides policy management technology, enabling IT resources to pre-determine how and when software updates are distributed, installed, repaired and removed.

About Marimba
Marimba, Inc. is headquartered in Mountain View, Calif. Marimba's Client Management, Server Management, and Embedded Management product families allow Global 2000 companies to better manage their IT resources, increase operational efficiency and reduce IT costs. Additional information is available at

Marimba is a registered trademark of Marimba, Inc. in the U.S. and/or certain other countries.

Previous Page | News by Category | News Search

If you found this page useful, bookmark and share it on: