Common Criteria EAL4+ certification for SDoT Security Gateway Cross Domain Solution


COLOGNE, Germany, Nov. 18, 2021 /PRNewswire/ — The SDoT Security Gateway received an ISO/IEC 15408 Common Criteria (CC) certification evaluation assurance level (EAL) 4+ from the German Federal Office of Information Security (BSI). INFODAS and its product met one of the most demanding evaluation in the global Cybersecurity industry. Once again SDoT cross domain solutions and their development excel in quality, reliability, integrity and security. The bi-directional High Assurance Guard allows to filter structured and unstructured data and already holds general German, NATO and EU SECRET approvals.

The Bi-directional cross domain solution SDoT Security Gateway, 19”, 1U
The Bi-directional cross domain solution SDoT Security Gateway, 19”, 1U

In the past, sensitive systems and data in the military, government agencies or critical infrastructure were isolated. Even today many classified information protection regulations do not reflect the technological advances in cross domain solutions. These practices and regulations prevent end-to-end digitization of mission critical IT environments, dealing with the IT expert shortage and requirements for rapid decision making among government agencies, military units or multi-national partners. Today, only trusted solutions with an CC EAL4+ certification or national security agency approvals can change this reality. They combine a protocol break with in-depth inspection, transformation and monitoring of data transfers, ensuring only correct and authorized information crosses systems at different security levels.

The German BSI ISO/IEC 15408 common criteria standard schema is the global benchmark in Cybersecurity. A growing number of domestic and international end-users expect IT vendors to produce trusted and reliable evidence for the Cybersecurity capabilities of their products. The CC evaluation process applies objective and verifiable criteria on specified evidence. The depth of evaluation is marked by the evaluation assurance level (EAL) from 1-7. Contrary to the popular collaborative protection profiles (cPPs) which are mostly based on CC EAL 1/2, the SDoT Security Gateway had to meet CC EAL4+. This included extensive penetration tests, vulnerability analysis and source code analysis by independent CC auditors.

The certification process started in 2019 and was conducted by atsec information security GmbH, a German based BSI certified CC auditor, under supervision of the BSI. Beyond the product, INFODAS GmbH had to provide evidence about its research & development practices, product documentation, product support or relevant company processes. The audit benefited from activities related to the German, NATO and EU SECRET approvals. Unlike a common criteria certification that can be initiated by any IT vendor, national security authority approvals require a public sector sponsor.

"The SDoT Security Gateway’s CC EAL4+ certification meets customer demands in various sectors and underlines our leading position in the global cross domain solution market. This shows the strength of our team and that true "zero trust security" products can come from Germany", said Dr. Alexander Konen, Director Solutions. According to Hanns Benigno Groeschke, INFODAS’ CC expert: "BSI accredited CC auditors are highly regarded around the world: They independently, diligently, relentlessly and systematically apply CC standards. In parallel, the Federal Office of Information Security continuously reviews audit results to ensure the highest quality of their CC certifications".

All elements of the Secure Domain Transition (SDoT) Product Family meet the highest requirements for hardware and software security at the SECRET and below interoperability level (SABI). They are developed and manufactured in Germany with full supply chain transparency. They are available as 19", 1U appliances or smaller deployable sizes for vehicles. Other products include the SDoT Security Gateway Express optimized for near real-time, low latency filtering of structured data such as XML or JSON. Just like the SDoT Diode for unidirectional data transfer up to 9.1 Gbit/s, both products hold a general NATO, EU and German SECRET approvals. They are complemented by the SDoT Labelling Service for NATO STANAG 4774/8 compliant data classification with XML security labels that are cryptographically bound to any data object such as MS Office documents.

About INFODAS – connect more.be secure

INFODAS is an independent, family owned business founded in 1974 in Germany. The company develops innovative cross domain solutions based on security-by-design principles and provides Cybersecurity, IT and AI consulting to government, defense and commercial clients. INFODAS SDoT product family cross domain solutions (SDoT Security Gateway, SDoT Diode, SDoT Labelling Service, PATCH.works) are approved up to German, EU, NATO SECRET and are listed in the NATO information assurance catalogue. Combined with OPSWAT Metadefender, Kiosk and Vault, SDoT products protect ensure malware free data entry, storage and retrieval. For the past 15 years SDoT products have been used in the toughest and mission critical environments around the world. They are designed and manufactured in Germany following the security-by-design principle and supply chain transparency.

 

Contact
Dr. Alexander Schellong
VP Global Business
Tel. +49 (0)221 70912234
[email protected]

Dr. Alexander Koenen, Member of the Board & Director Solutions and Hanns Benigno Groeschke, CC expert INFODAS
Dr. Alexander Koenen, Member of the Board & Director Solutions and Hanns Benigno Groeschke, CC expert INFODAS

 

The SDoT Security Gateway enables digitization of mission critical domains
The SDoT Security Gateway enables digitization of mission critical domains

 

 

TechAdmin

Vince is a tech geek, has a passion for sharing knowledge and loves to tinker with different gadgets. Whenever he gets a new gadget he just open the box and figure out how the gadget works without reading the manual.

Learn More →

Leave a Reply

Your email address will not be published. Required fields are marked *