Pivotal’s tc Server Gains Common Criteria Certification; Opens Doors for Federal, Defense, State and Local Agencies to Purchase

August 15, 2013 Stacey Schneider

Buy Pivotal tc Server
Buy Online
Find a Reseller
Contact Sales

On July 17, 2013, Pivotal’s tc Server reached an important milestone—the certification body of the Canadian Common Criteria Evaluation and Certification Scheme (CCS) completed the certification of Pivotal tc Server Standard Edition v2.8.2 RELEASE to the EAL 2+ level of assurance. The successful completion of this certification process, which requires nearly a year of investment, demonstrates Pivotal’s commitment to providing their customers with a high-level of security certified by a third-party.

The Common Criteria certification process is required by federal, defense, state, and local government groups a purchasing requirement. However, more companies are looking into adopting Common Criteria as a purchasing requirement as well—for over 2,053 CIOs, security continues to be a top 10 technology priority. Given the risks of a security breach, even boards of directors and regulatory groups want to know that a company’s information is secure.


We had the opportunity to ask Al Sargent, Director of Pivotal Product Marketing, about this achievement, and he offered this insight, “Just like many companies out there, governments are looking to cloud computing models to run IT, use open source models, provide civic apps, and make civic data more accessible. With a certified, secure stack including tc Server, we place a highly scalable, cloud architecture in the hands of teams who lead these initiatives, and many of these teams need to know that the Common Criteria certification has been achieved.”


Common Criteria certification provides a high, consistent set of standards for the security of information technology products. Licensed, third parties evaluate products by a method accepted across international boundaries. It is also an ISO (15408) standard that details terminology, concepts, evaluation criteria, operations, and a model for security evaluation.

“The Common Criteria certification process is not easy, and Pivotal is demonstrating their commitment to security with this investment in certification,” said Matthew Appler, CEO of Corsec Security, a security certification consulting, documentation, and project management services firm. “tc Server brings a templated web server deployment approach to cloud computing which allows for quick deployment. This unique approach to their product and certification allows for tc Server customers to have not only a product that is top-of-the-line, but also assurance that it is a highly secure.”

In addition to providing customers assurance on security, this certification also opens the door for many highly regulated organizations to purchase and use tc Server, including federal, defense, state and local agencies. Since tc Server is built to be a drop-in replacement for Apache Tomcat with no updates needed to applications, and Apache Tomcat powers the majority of the worlds java applications, this opens the door for organizations who require this certification to now use a distribution of one of the most popular application servers on the planet.

About Corsec Security, Inc.
Corsec Security, Inc. specializes in helping companies navigate through the complex process of receiving FIPS 140-2, Common Criteria, and UC APL certifications and have been for over fifteen years. Corsec’s consulting, document creation, and project management services deliver unmatched expertise in achieving government validation efforts at a firm, fixed price. Corsec partners with companies around the world to achieve local and international certification and to add security functionality to a wide range of products. Corsec minimizes the time, effort and money a vendor needs to invest in validation while ultimately maximizing the return on that investment. For further information, please visit www.corsec.com.

About the Author


New Pivotal Tracker API Now in Public Beta
New Pivotal Tracker API Now in Public Beta

The new Pivotal Tracker developer API (V5) is now open to everyone! It’s completely new, all-JSON, much mor...

1 more reason to use MDPress – GitHub Pages
1 more reason to use MDPress – GitHub Pages

Yesterday I found another reason to love working with MDPress for creating presentations. MDPress is an ope...

SpringOne 2021

Register Now