The first Chinese telecom company to be CC certified
23 May 2011, Shenzhen – ZTE Corporation (“ZTE”) (H share stock code: 0763.HK / A share stock code: 000063.SZ), a publicly-listed global provider of telecommunications equipment and network solutions, has become the first Chinese telecom company to be issued with a CC (the Common Criteria for Information Technology Security Evaluation) security certificate.
TüV Rheinland Nederland B.V., a Netherlands-based international CC security certification firm, awarded ZTE for its security, highlighting the fact that Chinese telecom companies are gaining international recognition for their information technology security.
The test, which took more than six months to complete, was conducted by Brightsight, a leading information technology security test and evaluation lab in the Netherlands.
It is becoming increasingly common for governments to ensure the security of telecom networks by engaging a third-party to do an evaluation.
An authorized certificate has also become one of the prerequisites for telecom equipment to enter somecountries and markets.
Currently CC is the internationally recognized information technology security certification required. The standard adopted in this certification is IEC/ISO15408, which is also known as the CC standard, or the Common Criteria for Information Technology Security Evaluation. CC certification is managed by the national security agency of each CC member state. There are 26 CC member states, including European nations, the United States and Japan, as well as emerging countries such as India.
The CC certification includes the evaluation of technologies such as security performance, loophole analysis, encryption technology and product manual. It also includes systematic evaluations of the entire process from R&D procedure and configuration management to production and shipping.
Brightsight, which performed the evaluations for ZTE, is a lab licensed by the Netherlands, Germany and Norway as well as one of the security evaluation labs recognized by countries such as India. Brightsight Chief Executive Mr. Dirk-Jan Out said that ZTE demonstrated its professionalism and its strict requirement for product security in the evaluation process. He said the quick and efficient implementation of the evaluation confirmed the trustworthiness of ZTE’s products.
ZTE’s quality director Xu Feng said: “We are very thankful to Brightsight for its great support in helping us efficiently carry out the evaluations. This has proven that ZTE’s products are safe and trustworthy. We are willing to follow general international practices to cope with the challenges of telecom network security together with various national governments and organizations to ensure that ZTE’s products meet international security standards.”
ZTE is also actively making applications to other CC member states to do Common Criteria security evaluations for other key products and markets.