CyberArk Achieves Common Criteria Certification; Validates CyberArk Solutions to Secure Privileged Access to Federal Systems

CyberArk Becomes the First Vendor to Achieve Certification for Comprehensive Privileged Account Security Solution; Helps Federal Agencies Protect the “Keys to the IT Kingdom”

Newton, Mass. – July 14, 2015 – CyberArk (NASDAQ: CYBR), the company that protects organizations from cyber attacks that have made their way inside the network perimeter, today announced that it has achieved Common Criteria Evaluation Assurance Level EAL 2+ for its comprehensive CyberArk Privileged Account Security Solution. The certification underscores CyberArk’s commitment to helping federal organizations and global enterprises secure privileged accounts – the “keys to the IT kingdom” – before cyber attackers can steal and exploit them to gain access to sensitive data and systems.

As reported in the cyber attack on the U.S. Office of Personnel Management (OPM), attackers exploited privileged credentials to move laterally across networks, conduct reconnaissance without detection, and exfiltrate critical data. In response, the U.S. CIO Tony Scott called for a 30-Day Cybersecurity Sprint – which includes a directive for Federal agencies to focus on tightening policies and practices for privileged users and credentials across networks.

The CyberArk Privileged Account Security Solution helps government organizations prevent the theft, abuse and misuse of privileged credentials in advanced cyber attacks, while better containing threats, and limiting damage.

“In the face of repeated cyber attacks, the U.S. government is rightfully scrambling to tighten policies and practices for privileged accounts to prevent another OPM-style breach,” said Eric Noonan, CEO of Virginia-based CyberSheath Services. “CyberArk is the first company to offer a fully certified and comprehensive privileged account security solution. We look forward to continuing to work with CyberArk, combining its government industry expertise and ability to quickly address high demand, as more organizations work to evolve their cyber security strategies.”

Common Criteria is an internationally approved set of security standards that provides a clear and reliable evaluation of the security capabilities of IT products. This framework provides confirmation that the development, evaluation and validation of an IT product has met specific security standards in accordance with an independent assessment accepted by the most security-conscious customers, such as federal governments. The international scope of Common Criteria, currently adopted by 25 nations, allows users from other countries to purchase IT products with the same level of confidence, due to the recognition of the certification across the complying nations.

“We fully understand and support the urgency in which federal agencies are seeking to secure and protect their privileged account controls. The 30-Day Cybersecurity Sprint puts a spotlight on this critical cybersecurity issue,” said Roy Adar, senior vice president, product management, CyberArk. “The Common Criteria certification further validates CyberArk’s privileged account security capabilities. We are committed to helping organizations be more responsive to emerging cyber threats and launch proactive controls around privileged accounts and users to protect their most valuable assets.”

This certification was conducted by EWA-Canada, one of the accredited Common Criteria testing laboratories, which conducted product testing and evaluated remediation policies, secure delivery process and configuration management process. Virginia-based Corsec was CyberArk’s strategic advisor in this certification process. The CyberArk Privileged Account Security Solution v9.1 is a complete solution to protect, monitor and alert on privileged accounts across the enterprise, cloud and SCADA/OT environments.

“The Common Criteria certification of the CyberArk Privileged Account Security Solution is an important step because CyberArk has now achieved an internationally recognized standard for protection of privileged credentials,” stated Erin Connor, director of the EWA-Canada Common Criteria Test Lab (CCTL). “Achieving this certification demonstrates CyberArk’s commitment to providing high quality security solutions to its customers.

To learn more about securing privileged accounts and credentials in the public sector, download: these resources:

About Corsec Security
Corsec Security is the global leader in providing access to new markets via IT security validations. With the largest staff of experts in the industry and a comprehensive solution that spans consulting, documentation, testing, managed lab services, and strategic product roadmap planning, Corsec has secured more than 350 FIPS 140-2, Common Criteria and UC APL certifications for hundreds of organizations on five continents over the last 15 years. For more information, visit

About CyberArk
CyberArk is the only security company focused on eliminating the most advanced cyber threats; those that use insider privileges to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk proactively secures against cyber threats before attacks can escalate and do irreparable damage. The company is trusted by the world’s leading companies – including 45 percent of the Fortune 100 – to protect their highest value information assets, infrastructure and applications. A global company, CyberArk is headquartered in Petach Tikvah, Israel, with U.S. headquarters located in Newton, Mass. The company also has offices throughout EMEA and Asia Pacific and Japan. To learn more about CyberArk, visit, read the company blog,, follow on Twitter @CyberArk or Facebook at

Future Looking Statements
This release may contain forward-looking statements, which express the current beliefs and expectations of CyberArk’s management. Such statements involve a number of known and unknown risks and uncertainties that could cause the Company’s future results, performance or achievements to differ significantly from the results, performance or achievements expressed or implied by such forward-looking statements. Important factors that could cause or contribute to such differences include risks relating to: changes in the new and rapidly evolving cyber threat landscape; failure to effectively manage growth; fluctuations in quarterly results of operations; real or perceived shortcomings, defects or vulnerabilities in the Company’s solution or the failure of the solution to meet customers’ needs; the inability to acquire new customers or sell additional products and services to existing customers; competition from IT security vendors and other factors discussed under the heading “Risk Factors” in the Company’s most recent annual report on Form 20-F filed with the Securities and Exchange Commission. Forward-looking statements in this release are made pursuant to the safe harbor provisions contained in the Private Securities Litigation Reform Act of 1995. These forward-looking statements are made only as of the date hereof, and the Company undertakes no obligation to update or revise the forward-looking statements, whether as a result of new information, future events or otherwise.