ZTE's IP network products pass CC EAL3+, the highest security certification of international authoritative communication equipment

• ZTE's IP network products have obtained the CC EAL3+ certification, covering the ZXR10 5960, ZXR10 9900, ZXR10 M6000, and ZXCTN 9000 series
• ZTE becomes the industry's first supplier to pass the CC EAL3+ certification with the IP network products as the evaluation object
• ZTE's IP network products demonstrate perfect security assurance capabilities throughout the full lifecycle

Shenzhen, China, 13 September 2024 - ZTE Corporation (0763.HK / 000063.SZ), a global leading provider of integrated information and communication technology solutions, today announced that its IP network products have obtained the CC (Common Criteria for Information Technology Security Evaluation) EAL3+ (augmented with ALC_FLR.2) certification.

This certification covers a total of 25 mainstream device models, including the ZXR10 5960, ZXR10 9900, ZXR10 M6000, and ZXCTN 9000 series. This signifies ZTE's commitment to industry-leading security for its IP network products, making it the first supplier in the industry to achieve CC EAL3+ certification for its IP network products.

The certification was conducted by the globally renowned security evaluation laboratory SGS Brightsight of the Netherlands. The Netherlands Scheme for Certification in the Area of IT Security (NSCIB) ultimately authorized TrustCB B.V. to issue the certificate. The scope of evaluation includes the design and development, process management, information security, personnel security, physical security, asset security, IT security, supply chain security, and penetration testing of IP network  products. This certificate indicates that ZTE's IP network products have robust security assurance capabilities throughout their lifecycle, covering design, development, testing and verification, production and manufacturing, and delivery.

As the most authoritative international security certification, the CC meets the evaluation and recognition requirements of the CCRA and SOGIS systems. CC and EAL (Evaluation Assurance Level) are mainly used to evaluate the security of information technology products or solutions in the entire process. This standard divides IT products and systems into seven security assurance levels. The third level (EAL3) for system test and inspection is the leading security certification level for system-level equipment of current communication products. The EAL3+ means that the software and hardware of the ZTE IP network products allow the lifecycle security assurance for security defect repair on the basis of the EAL3. 

Li Qiang, General Manager of Transport Network Product Line and Vice President of ZTE, said: "Cybersecurity is a hot topic globally. As a major supplier of global IP network products worldwide, ZTE has long been investing in cybersecurity. In practice, certification based on common criteria is the most effective approach to addressing security trust issues. The successful attainment of this CC EAL3+ certification enables third parties to reach objective trust conclusions, understand the verifiable and quantifiable security of ZTE devices, and provide internationally recognized security assurances. Cybersecurity is an ongoing concern, and ZTE is committed to continually enhancing management and technological practices to deliver secure and trustworthy products and services."

For more information on CC certification, please refer to the following link:  

https://www.commoncriteriaportal.org/products/index.cfm