Common Criteria EAL4+ certification for SDoT Security Gateway Cross Domain Solution

The SDoT Security Gateway received an ISO/IEC 15408 Common Criteria (CC) certification evaluation assurance level (EAL) 4+ from the German Federal Office of Information Security (BSI). INFODAS and its product met one of the most demanding evaluation in the global Cybersecurity industry. Once again SDoT cross domain solutions and their development excel in quality, reliability, integrity and security. The bi-directional High Assurance Guard allows to filter structured and unstructured data and already holds general German, NATO and EU SECRET approvals.

In the past, sensitive systems and data in the military, government agencies or critical infrastructure were isolated. Even today many classified information protection regulations do not reflect the technological advances in cross domain solutions. These practices and regulations prevent end-to-end digitization of mission critical IT environments, dealing with the IT expert shortage and requirements for rapid decision making among government agencies, military units or multi-national partners. Today, only trusted solutions with an CC EAL4+ certification or national security agency approvals can change this reality. They combine a protocol break with in-depth inspection, transformation and monitoring of data transfers, ensuring only correct and authorized information crosses systems at different security levels.

The German BSI ISO/IEC 15408 common criteria standard schema is the global benchmark in Cybersecurity. A growing number of domestic and international end-users expect IT vendors to produce trusted and reliable evidence for the Cybersecurity capabilities of their products. The CC evaluation process applies objective and verifiable criteria on specified evidence. The depth of evaluation is marked by the evaluation assurance level (EAL) from 1-7. Contrary to the popular collaborative protection profiles (cPPs) which are mostly based on CC EAL 1/2, the SDoT Security Gateway had to meet CC EAL4+. This included extensive penetration tests, vulnerability analysis and source code analysis by independent CC auditors.

The certification process started in 2019 and was conducted by atsec information security GmbH, a German based BSI certified CC auditor, under supervision of the BSI. Beyond the product, INFODAS GmbH had to provide evidence about its research & development practices, product documentation, product support or relevant company processes. The audit benefited from activities related to the German, NATO and EU SECRET approvals. Unlike a common criteria certification that can be initiated by any IT vendor, national security authority approvals require a public sector sponsor.

“The SDoT Security Gateway’s CC EAL4+ certification meets customer demands in various sectors and underlines our leading position in the global cross domain solution market. This shows o strength of our team and that true “zero trust security” products can come from Germany”, said Dr. Alexander Konen, Director Solutions. According to Hanns Benigno Groeschke, INFODAS‘ CC expert: “BSI accredited CC auditors are highly regarded around the world: They independently, diligently, relentlessly and systematically apply CC standards. In parallel, the Federal Office of Information Security continuously reviews audit results to ensure the highest quality of their CC certifications”.

All elements of the Secure Domain Transition (SDoT) Product Family meet the highest requirements for hardware and software security at the SECRET and below interoperability level (SABI). They are developed and manufactured in Germany with full supply chain transparency. They are available as 19”, 1U appliances or smaller deployable sizes for vehicles. Other products include the SDoT Security Gateway Express optimized for near real-time, low latency filtering of structured data such as XML or JSON. Just like the SDoT Diode for unidirectional data transfer up to 9.1 Gbit/s, both products hold a general NATO, EU and German SECRET approvals. They are complemented by the SDoT Labelling Service for NATO STANAG 4774/8 compliant data classification with XML security labels that are cryptographically bound to any data object such as MS Office documents.

Information

Date: 18.11.2021

Location: Cologne, Germany

Topic: Cross Domain Solutions, Press releases

Contact for questions:

infodas
Tanja Castell
Head of Marketing
marketing@infodas.de
+49.221.70912234

Bewegte Kommunikation
Angela Recino
a.recino@bewegtkommunikation.de
+49.2241.2007011

Downloads: