Illumio Achieves Common Criteria Designation

Illumio recently achieved a designation for Common Criteria, paving the way for a host of opportunities with global public sector customers.

To learn more about the key designation and the nuances behind the process of achieving Common Criteria, we sat down with Natalio Pincever, Senior Director of Product Management at Illumio.

What is Common Criteria in a nutshell?

Common Criteria is a certification for on-premises products that governments require of software and hardware vendors. The word “common” refers to the fact that it’s recognized by Common Criteria signatories, which include 32 countries.

These 32 countries came together and decided on a minimum acceptable standard for security that they’re willing to recognize. You can complete the certification in one of the 18 Authorizing member countries, and the other 31 will recognize it.

What does the process actually look like?

Common Criteria specifies a set of requirements for the security functionality of IT products and for assurance measures applied to these IT products during a security evaluation.

To kickstart the process, you hire a Common-Criteria-licensed laboratory to run tests to ensure that security functionality is being implemented correctly. Once you have results, those are presented to the National Information Assurance Partnership (NIAP), which is responsible for U.S. implementation of the Common Criteria.

They review the package you present, which includes test results and documentation of the product, and they see if it actually meets the requirements for Common Criteria. They can either grant you the certification or come back with questions. It’s an iterative process of going back and forth until they are happy with the results, at which point they grant a certificate that applies for that product and that version.

What was your role in this process?

This was a team effort. There have been people involved from all across the Illumio organization. Product management, engineering, and the security team have all had a hand in making this happen.

My job as Senior Director of Product Management for Global Public Sector helps ensure that Illumio’s products are consumable by government customers. Having the right certifications is key for this. This process was already well underway when I got here, and I’m happy to have come in and helped get this over the finish line.

What does this mean for the future of Illumio?

Illumio is now able to support new global public sector markets. Moving forward, we intend to do more Common Criteria reviews. The certification does not carry over for the next version of the product – should we want the next version of the product to be certified, we have to go through the whole process all over again. In the future, we intend to create a regular cadence of going through Common Criteria for our on-premises products.

Only a few laboratories are licensed to run the tests necessary for Common Criteria, which makes the designation especially exciting for Illumio because it’s validation from a government-certified third party. It also represents our ongoing commitment and further investment in the global public sector market, just like our work to achieve FedRAMP in-process status earlier this year.

Learn more about how Illumio supports global public sector organizations at illumio.com/solutions/government.
