ZTE obtains CC EAL4+ certificate for its 5G RAN products

• The CC EAL4+ certificate represents the highest level of CC standard certification in the realm of wireless products and has stricter requirements than CC EAL3+
• ZTE anticipates deeper cooperation with regulatory agencies, standard organizations, and customers in aspects such as security standard formulation, verification, and innovation

Shenzhen, China, 5 September 2024 - ZTE Corporation (0763.HK / 000063.SZ), a global leading provider of integrated information and communication technology solutions, has successfully passed the Common Criteria (CC) EAL4+ certification for its 5G RAN solution. This certificate, issued by TrustCB, represents the highest level of CC standard certification in the realm of wireless products, further solidifying ZTE's position as an industry leader.

As a widely recognized standard for security evaluation, the objective of CC certification is to enhance the consistency, comparability, and credibility of security evaluations. Among the various Evaluation Assurance Levels (EAL), EAL4+ certification is highly regarded due to its rigorous evaluation standards. Compared to CC EAL3+, EAL4+ not only requires products to meet higher standards in terms of security functions, security design, configuration management, and security testing but also conducts in-depth reviews of product source codes. It profoundly analyzes their internal implementation logic and structure, accurately detects internal potential risks and vulnerabilities, and ensures that product security complies with the industry's highest guidelines.

Li Xiaotong, Vice President of ZTE and General Manager of RAN, remarked: "ZTE believes that a common certification framework and unified standards are the cornerstone for verifying product security capabilities. The successful passing of CC EAL4+ proves the verified and quantified security strength of ZTE's wireless products. We also anticipate deeper cooperation with regulatory agencies, standard organizations, and customers in aspects such as security standard formulation, verification, and innovation."

In addition to the CC certifications, ZTE's RAN products have also passed authoritative security audits and certifications such as GSMA NESAS, German BSI NESAS CCS-GI, and ISO27701, fully demonstrating ZTE's outstanding execution ability and exemplary level in security governance.

Moving forward, ZTE remains committed to openness and transparency, compliance with security laws and regulations, developing the best security practices in the industry. The company will continue to seek authoritative security certifications, and actively conduct independent third-party security evaluations to provide customers with secure and trustworthy products and services.