Cisco has had a bunch of products certified as secure by the GCHQ's
information security arm, the Communications & Electronics Security
Group (CESG).
The certification
only covers the products to handle information up to the UK
government's “Official” classification – that is, most government
information.
However, as the company's product certification engineer Clint Winebrenner writes,
“This award represents the first Foundation Grade IPsec VPN product
capable of supporting both the CESG interim and PRIME cipher suites,
enabling public sector customers to take full advantage of the very
latest cryptographic algorithms.”
Winebrenner also notes that the
classifications in the UK – Official, Secret and Top Secret – were
rejigged in April this year with the aim of letting off-the-shelf
products handle data at the lowest classification. That means,
presumably, that there will be a lot of similar certifications being
granted in the future.
“This model includes two grades of
assurance; Foundation Grade and High Grade. Foundation Grade products
are COTS products designed to provide protection against threats to
information classified as OFFICIAL and certification is achieved through
the completion of either a Common Criteria or Commercial Product
Assurance (CPA) evaluation,” Winebrenner writes.
The certification
covers deployments of IPsec VPN technologies both between government
sites, and for remote access. Cisco also has its AnyConnect client
currently going through certification for mobile access applications.
The
certification includes IPsec security gateway products in Cisco's ASA
v9.1 family – hardware models 5505, 5510, 5520, 5540, 5550, 5580,
5512-X, 5515-X, 5525-X, 5545-X, 5555-X and 5585-X.
No comments:
Post a Comment