Actu
ZTE obtains the CC EAL3+ certificate for its OTN products
August 2023 by Marc Jacob
ZTE Corporation has announced that it has recently obtained the CC (Common Criteria for Information Technology Security Evaluation) EAL3+ certificate for its OTN products including ZXONE 9700 series, ZXMP M721 series, and ZXONE 7000 series. As a result, ZTE has emerged as the exclusive OTN supplier in the industry to achieve Common Criteria Version 3.1 R5 compliance by the entire protection solution, creating a more reliable security boundary for users.
The CC certification for ZTE OTN Solution has been approved by the Netherlands National Communications Security Agency (NSICB), with the certificate authorized by TüV Rheinland Nederland. The evaluation was conducted by SGS Brightsight, a globally renowned security assessment laboratory based in the Netherlands.
As the most authoritative product security certification in the world, Common Criteria plays a crucial role as a judgment basis for mainstream operators in the industry due to its professionalism and influence in security evaluation. Common Criteria’s EAL3 (Evaluation Assurance Level 3) for system testing and checks represents the highest certification level for system equipment among current communication products. The EAL3+ (ALC_FLR.2 Enhanced) certification indicates that ZTE’s software and hardware meet the requirements of the EAL3 and provide lifecycle security assurance for security flaw remediation.
The international mutual recognition system CCRA (Common Criteria Recognition Arrangement) comprises 31 member countries, with 17 certificate-issuing countries and 14 certificate-consuming countries. Additionally, SOGIS serves as a CC mutual recognition organization specifically for European Union or EFTA (European Free Trade Association) countries, focusing on specific technology areas.
The EAL3+ certification meets the evaluation and recognition requirements of the CCRA and SOGIS. Its evaluation comprehensively covers design and development, process management, information security, personnel security, physical security, asset security, IT security, supply chain security, and penetration testing. This certification unequivocally demonstrates that ZTE OTN products possess complete security capabilities throughout their full lifecycle, ranging from design and development to testing, production and delivery.
Cybersecurity and data protection are global issues. ZTE has always been committed to increasing the security level of its products. Cybersecurity is incorporated into all phases of planning, design, development, production, delivery and maintenance. ZTE strictly implements data protection compliance management. Looking ahead, ZTE will continue to enhance and guarantee product security quality, offering efficient, secure, and trustworthy products and services to global operators.
