Cisco okayed for UK government comms
IPSec cleared for most gummint sites
Cisco has had a bunch of products certified as secure by the GCHQ's information security arm, the Communications & Electronics Security Group (CESG).
The certification only covers the products to handle information up to the UK government's “Official” classification – that is, most government information.
However, as the company's principal information assurance architect Mark Jackson is told Clint Winebrenner in this post, “This award represents the first Foundation Grade IPsec VPN product capable of supporting both the CESG interim and PRIME cipher suites, enabling public sector customers to take full advantage of the very latest cryptographic algorithms.”
The post also notes that the classifications in the UK – Official, Secret and Top Secret – were rejigged in April this year with the aim of letting off-the-shelf products handle data at the lowest classification. That means, presumably, that there will be a lot of similar certifications being granted in the future.
“This model includes two grades of assurance; Foundation Grade and High Grade. Foundation Grade products are COTS products designed to provide protection against threats to information classified as OFFICIAL and certification is achieved through the completion of either a Common Criteria or Commercial Product Assurance (CPA) evaluation,” Cisco says.
The certification covers deployments of IPsec VPN technologies both between government sites, and for remote access. Cisco also has its AnyConnect client currently going through certification for mobile access applications.
The certification includes IPsec security gateway products in Cisco's ASA v9.1 family – hardware models 5505, 5510, 5520, 5540, 5550, 5580, 5512-X, 5515-X, 5525-X, 5545-X, 5555-X and 5585-X.