COMMUNICATIONS SECURITY ESTABLISHMENT Certificate of Product Evaluation CA Technologies CA API Gateway v9.2 Access Control Devices and Systems CA Technologies This is to certify that the named product has been evaluated under the terms and conditions of the Canadian Common Criteria Scheme and complies with the requirements for Common Criteria Recognition Agreement (CCRA). Standard Protection Profile for Enterprise Security Management Policy Management, v2.1, 24 Conformance Claim: October 2013 and Standard Protection Profile for Enterprise Security Management Access Control, v2.1, 24 October 2013 CC Evaluation Facility: EWA-Canada Date Issued: 10 October 2017 The IT product identified in this certificate has been evaluated at an approved evaluation facility established under the Canadian Common Criteria Scheme using the Common Methodology for IT Security Evaluation, Version 3.1 Revision 5, for conformance to the Common Criteria for IT Security Evaluation, Version 3.1 Revision 5. This certificate applies only to the specific version and release of the product in its evaluated configuration and in conjunction with the complete certification report. The evaluation has been conducted in accordance with the provisions of the Canadian Common Criteria Scheme and the conclusions of the evaluation facility in the evaluation report are consistent with the evidence adduced. This certificate is not an endorsement of the IT product by CSE or by any other organization that recognizes or gives effect to this certificate, and no warranty of the IT product by CSE or by any other organization that recognizes or gives effect to this certificate, is expressed or implied. ORIGINAL SIGNED 383-4-417 Manager COTS Assurance Programs