Illumio named a Leader in The Forrester Wave™: Microsegmentation Solutions, Q3 2024.

GET THE REPORT
Blog
/
Zero Trust Segmentation

Illumio Achieves Common Criteria Designation

Aiden Herrod
Marketing Program Specialist
March 24, 2023
23 min. read

Illumio recently achieved a designation for Common Criteria, paving the way for a host of opportunities with global public sector customers.

To learn more about the key designation and the nuances behind the process of achieving Common Criteria, we sat down with Natalio Pincever, Senior Director of Product Management at Illumio.

What is Common Criteria in a nutshell?

Common Criteria is a certification for on-premises products that governments require of software and hardware vendors. The word “common” refers to the fact that it’s recognized by Common Criteria signatories which includes 32 countries.

These 32 countries came together and decided on a minimum acceptable standard for security that they’re willing to recognize. You can complete the certification in one of the 18 Authorizing member countries, and the other 31 will recognize it.

What does the process actually look like?

Common Criteria specifies a set of requirements for the security functionality of IT products and for assurance measures applied to these IT products during a security evaluation.

To kickstart the process, you hire a Common-Criteria-licensed laboratory to run tests to ensure that security functionality is being implemented correctly. Once you have results, those are presented to the National Information Assurance Partnership (NIAP) who is responsible for U.S. implementation of the Common Criteria.

They review the package you present, which includes test results and documentation of the product, and they see if it actually meets the requirements for Common Criteria. They can either grant you the certification or come back with questions. It’s an iterative process of going back and forth until they are happy with the results, at which point they grant a certificate that applies for that product and that version.

What was your role in this process?

This was a team effort. There have been people involved from all across the Illumio organization. Product management, engineering, and the security team have all had a hand in making this happen.

My job as Senior Director of Product Management for Global Public Sector helps ensure that Illumio’s products are consumable by government customers. Having the right certifications is key for this. This process was already well underway when I got here, and I’m happy to have come in and helped get this over the finish line.

What does this mean for the future of Illumio?

Illumio is now able to support new global public sector markets. Moving forward, we intend to do more Common Criteria reviews. The certification does not carry over for the next version of the product – should we want the next version of the product to be certified, we have to go through the whole process all over again. In the future, we intend to create a regular cadence of going through Common Criteria for our on-premises products.

Only a few laboratories are licensed to run the tests necessary for Common Criteria which makes the designation especially exciting for Illumio because it’s validation from a government-certified third party. It also represents our ongoing commitment and further investment in the global public sector market, just like our work to achieve FedRAMP in-process status earlier this year.

Learn more about how Illumio supports global public sector organizations at illumio.com/solutions/government.

Related topics

Government

Related articles

Top Cybersecurity News Stories From March 2024
Zero Trust Segmentation

Top Cybersecurity News Stories From March 2024

Get caught up on some of the top cybersecurity stories from March, including the new NSA information sheet and ROI-driven security spending.

Read more
What to Expect When Starting Out With Microsegmentation
Zero Trust Segmentation

What to Expect When Starting Out With Microsegmentation

If you’re building a zero trust architecture, microsegmentation should be a crucial part of your plan. Here are the 10 things you can plan on doing when starting out with microsegmentation.

Read more
Cybersecurity Awareness Month: Our Top 5 Segmentation Tips for a More Secure Organization
Zero Trust Segmentation

Cybersecurity Awareness Month: Our Top 5 Segmentation Tips for a More Secure Organization

This Cybersecurity Awareness Month, take note of these five Zero Trust Segmentation tips to protect your organization and limit damage from ransomware and cyberattacks.

Read more
Illumio is "In Process" on the FedRAMP Marketplace
Zero Trust Segmentation

Illumio is "In Process" on the FedRAMP Marketplace

What Illumio's new FedRAMP in-process designation means for the FedRAMP marketplace.

Read more
3 Challenges Federal Agencies Face When Implementing Modern Cybersecurity
Cyber Resilience

3 Challenges Federal Agencies Face When Implementing Modern Cybersecurity

The U.S. federal government collects the personal information of almost every citizen. And federal agencies hold valuable data, some of which could put the country in danger if it was released.

Read more
Why Cyber Disasters Are Still Happening — And How to Fix It
Cyber Resilience

Why Cyber Disasters Are Still Happening — And How to Fix It

Get insight from Gary Barlet, Illumio Federal CTO, on why decades of trying to prevent and detect direct attacks by adversaries – and failing – means it's time to shift the focus to containment.

Read more

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?

Learn more