ABOUT SYMANTEC

Press Release

Symantec Solutions Achieve International Certifications for Critical Personal Data Protection

MOUNTAIN VIEW, Calif. – August 22, 2012 – Symantec Corp. (NASDAQ: SYMC) today announced Symantec Data Loss Prevention, Symantec Control Compliance Suite and Symantec Endpoint Protection have achieved Federal Service for Technical and Export Control (FSTEK of Russia) certification.


The Federal Service for Technical and Export Control (FSTEK of Russia) is a federal body of executive authority responsible for implementing national policy, ensuring inter-departmental cooperation and coordination, and special and control functions in state security. According to FSTEK Order 58, a mandatory certification is required for the security products deployed for protecting the government confidential/classified information and/or personal data and information of restricted access. The personal data and information of highly confidential nature and of restricted access is categorized by FSTEK as K1-category personal data. Institutions and companies processing K1 personal data are required to use only NDF certified security technology. TU certification involves testing the product functionality to validate its compliance with technical conditions (black box testing) and NDF certification establishes the absence of undeclared capabilities in the product such as buffer overflows, debug passwords and covert channels (source code testing).


In addition, Symantec PGP Whole Disk Encryption has achieved CEGS/CAPS certification in the United Kingdom. CEGS, which operates as the National Technical Authority for Information Assurance (IA) for the UK’s wider public sector (including the Health Service, law enforcement and local government) and the essential services that form the UK's Critical National Infrastructure (such as power and water), provides policy and assistance on the security of communications and electronic data, working in partnership with industry and academia in the United Kingdom.


These certifications enable governments to enact regulations intended to protected personal data. Compliance with personal data protection regulation is the responsibility of the organization, governmental or commercial, who store and process personal data. The compliance with these regulations is controlled via audits carried out by the government appointed entities. Symantec’s certifications enable organizations to meet the requirements of compliance by using certified security products.


Symantec Control Compliance Suite, the company’s enterprise-class IT governance, risk and compliance (GRC) solution, provides a comprehensive compliance and risk management solution that enables security leaders to communicate IT risk in business-relevant terms, prioritize remediation efforts based on business criticality, and automate time-consuming manual assessment processes to improve their organization’s overall security and compliance posture while reducing cost and complexity. Symantec Data Loss Prevention solution delivers a proven, content-aware solution to discover, monitor, protect and manage confidential data wherever it is stored or used. It allows organizations to measurably reduce their risk of a data breach, demonstrate regulatory compliance and safeguard customer privacy, brand equity and intellectual property. Symantec Endpoint Protection solution provides integrated antivirus, antispyware, firewall, and intrusion prevention as well as device control and application control.


“With the increasing amount of data that exists in IT environments, it is essential that protections are in place to guard against intrusions from unauthorized users,” said John Bordwine, chief technology officer of Symantec's Public Sector organization. “These certifications provide assurance that organizations like banks, telecommunications, and health companies that handle personal data are using technologies that uphold the standard of protecting critical personal data.”


Symantec Corporation Worldwide Public Sector Enablement Program is committed to providing IT security products that provide significant value to private and public sector customers. As part of that program, Symantec is continuously improving its internal development efforts and business processes to ensure that it meets and/or exceeds requirements from Common Criteria, Federal Information Processing Standard (FIPS), CEGS/CAPS, VPAT/Section 508, Security Technical Implementation Guide (STIG), Security Content Automation Program (SCAP), Federal Service for Technical and Export Control (FSTEK of Russia), and other local, state, government, and worldwide requirements. Additionally, Symantec maintains active participation in various government working groups and policy development organizations.


About Symantec

Symantec protects the world’s information, and is the global leader in security, backup and availability solutions. Our innovative products and services protect people and information in any environment – from the smallest mobile device, to the enterprise data center, to cloud-based systems. Our industry-leading expertise in protecting data, identities and interactions gives our customers confidence in a connected world. More information is available at www.symantec.com or by connecting with Symantec at: go.symantec.com/socialmedia.


Note to Editors: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.


Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.


Forward-looking Statements: Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.