Illumio Achieves Federal Common Criteria Certification for Enterprise Security Management (CDSA)

Illumio announced that it has completed the rigorous and comprehensive security testing and evaluation for Common Criteria certification. Illumio’s solution is now the first segmentation solution to be certified for the National Information Assurance Partnership (NIAP) Protection Profile for Enterprise Security Management version 2.1.

With Common Criteria certification, Illumio’s Adaptive Security Platform (ASP) meets the Information Assurance (IA) requirements for U.S. Defense agencies, Allied Defense agencies, and other regulated industries to prevent the spread of breaches inside data center and cloud environments. Furthermore, Defense agencies looking to secure their high-value assets (HVAs) and critical applications can now leverage Illumio’s platform, which allows them to implement a Zero Trust environment. Zero Trust helps address one of the biggest challenges faced in the industry – insider threats.

“Government agencies face a myriad of cyber threats not only from outside actors but also insiders such as contractors and temporary workers who inadvertently put the network at risk. In fact, the issue is of such importance that the Department of Defense recently asked the National Institute of Standards and Technology (NIST) to develop a custom security guidance document for contractors to follow to better protect unclassified and classified materials,” said Don French, Director of Federal Sales, Illumio. “With Common Criteria certification, our Adaptive Security Platform can now be leveraged by agencies to isolate threats and prevent malicious acts from moving laterally across their network to ensure the integrity of their critical data and high-value assets.”

Illumio’s real-time application dependency maps, vulnerability exposure insights, and security micro-segmentation work across any data center and any cloud on bare-metal servers, virtual machines, and containers. The company’s approach to cybersecurity focuses on decoupling security segmentation from the network infrastructure, greatly simplifying the creation, testing, and enforcing of security policy without impacting network performance in any way. With Illumio’s micro-segmentation solution, organizations can assure their most valued assets are protected. The approach is faster, safer, and much less expensive than traditional segmentation approaches.

In December of 2018, the Office of Management and Budget (OMB) released a memorandum outlining a new protocol for the securing of high-value assets (HVAs) for government agencies. Within the memorandum, the OMB—in conjunction with the Department of Homeland Security—cited the following elements:

– Establishing Enterprise HVA Governance;
– Improving the Designation of HVAs;
– Implementing Data-Driven HVA Prioritization;
– Increasing the Trustworthiness of HVAs;
– Protecting Privacy and HVAs; and
– Defining HVA Reporting, Assessment, and Remediation Requirements.

The Common Criteria for Information Technology Security Evaluation—an international framework (ISO/IEC 15408)—defines a common approach for evaluating security features and capabilities of IT security products. A certified product is one that a recognized Certification Body asserts as having been evaluated by a qualified, accredited, and independent evaluation laboratory competent in the field of IT security evaluation to meet the requirements of the Common Criteria and Common Methodology for Information Technology Security Evaluation (CEM).